computer infected
-
Hi
Thanks for sending me the email with information about virus removal. Below are my logs for:
1. Malwarebytes (MBAM)
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4052
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
01/03/2011 12:23:17
mbam-log-2011-03-01 (12-23-17).txt
Scan type: Quick scan
Objects scanned: 120825
Time elapsed: 9 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AntiMalware_ProNE (Rogue.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
2. GMER
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-01 15:40:22
Windows 6.0.6001 Service Pack 1
Running: hwjrcrqv.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?MpfService?wltrys
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?MpfService?wltrys
---- EOF - GMER 1.0.15 ----
3. MBR (Check)
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x00000034
Kernel Drivers (total 142):
4. DDS(2logs)
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 27/08/2009 17:05:41
System Uptime: 01/03/2011 13:02:07 (2 hours ago)
Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 83.415 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 5.232 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advertising Center
Amazon MP3 Downloader 1.0.10
Aqua Real 2
AudibleManager
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by lydia at 15:52:05.68 on 01/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3032.1231 [GMT 0:00]
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
============== Running Processes ===============
DDS.txt
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
thanks
-
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==========================================================================
Please explain what the issues are.
MBRCheck and DDS logs are incomplete.
Please, redo.
-
Hi
Thanks for your reply. I thought some of the logs were a bit short; will do them again. My computer has been acting strange. Windows Movie Maker does not have a moving image when editing movies, my desktop icons change size to large, and when I try to save something the computer says there is no space. I check and there is. Also, every so often the screen freezes and the mouse jumps all over the place. Avast has not been working properly; I have updated it now with a new registration key. When I last used anti-spyware it came up with 7 trojans and that never normally happens. Will post the two logs again.
Thanks
-
Hi
Just sending through the two logs:
DDS
1.Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 27/08/2009 17:05:41
System Uptime: 01/03/2011 13:02:07 (2 hours ago)
Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 83.415 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 5.232 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advertising Center
Amazon MP3 Downloader 1.0.10
Aqua Real 2
AudibleManager
avast! Antivirus
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ContentSAFER for Wizmax
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Video Chat
Dell Webcam Central
DolbyFiles
DVD Shrink 3.2
EmoDio
Epson Easy Photo Print 2
EPSON Printer Software
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
FormatFactory 2.10
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
Jasc Paint Shop Pro 8
Java(TM) 6 Update 13
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
McAfee Security Scan
McAfee SecurityCenter
Menu Templates - Starter Kit
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nero 9 Essentials
Nero BurnRights
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart OEM
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
OpenOffice.org 3.1
PowerDVD DX
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Subliminal $SUBLIMINAL_VERSION
SUPERAntiSpyware Free Edition
TMM Semi Subliminal System
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
==== End Of File ===========================
2. DDS.txt
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by lydia at 15:52:05.68 on 01/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3032.1231 [GMT 0:00]
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\splwow64.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\lydia\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.zooborns.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SubVid] "C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe" /startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
mRun: [SMSTray] "C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\lydia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\lydia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {817206D1-7930-4207-BB34-3D07793524A6} = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2009-9-2 89680]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-27 307400]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-9-2 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-9-2 65616]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-27 172032]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-27 102600]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-8-27 49480]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\System32\drivers\OA009Ufd.sys [2009-3-6 159840]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\System32\drivers\OA009Vid.sys [2009-3-19 311296]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-8-27 392192]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-10-12 74480]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2009-8-27 41032]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-27 40904]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
=============== Created Last 30 ================
2011-03-01 14:20:17 3765288 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-01 14:20:14 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C1017EC1-D8F4-499A-9C8F-40D0D3ED1ABA}\mpengine.dll
2011-03-01 14:20:12 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-28 10:30:17 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2011-02-18 22:01:11 -------- d-----w- C:\Users\lydia\AppData\Roaming\Ashampoo
2011-02-18 22:00:49 -------- d-----w- C:\Users\lydia\AppData\Local\ashampoo
2011-02-18 22:00:49 -------- d-----w- C:\PROGRA~3\ashampoo
2011-02-10 12:41:39 -------- d-----w- C:\Program Files (x86)\Cisco
2011-02-10 12:35:25 -------- d-----w- C:\Users\lydia\AppData\Local\Apps
2011-02-10 12:35:24 -------- d-----w- C:\Users\lydia\AppData\Local\Deployment
2011-02-03 10:25:39 -------- d-----w- C:\Users\lydia\AppData\Roaming\SendSpace
2011-01-30 20
04 -------- d-----w- C:\PERFECT_DESIGN_3
2011-01-30 20:19:51 -------- d-----w- C:\Program Files (x86)\DVD Shrink
==================== Find3M ====================
2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-14 16:20:18 1251840 ----a-w- C:\Windows\System32\sdclt.exe
============= FINISH: 15:53:31.72 ===============
3. MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x00000034
Kernel Drivers (total 142):
0x14FCF000 \SystemRoot\system32\drivers\mfeavfk.sys
0x14FE7000 \SystemRoot\system32\drivers\mfesmfk.sys
0x14FF2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x773C0000 \Windows\System32\ntdll.dll
Processes (total 99):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
564 csrss.exe
600 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
768 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\svchost.exe
644 C:\Windows\System32\svchost.exe
624 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
1064 C:\Windows\System32\audiodg.exe
1112 C:\Windows\System32\SLsvc.exe
1148 C:\Windows\System32\svchost.exe
1268 C:\Program Files\Dell\DellDock\DockLogin.exe
1348 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\WLTRYSVC.EXE
1492 C:\Windows\System32\BCMWLTRY.EXE
1500 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1512 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1804 C:\Windows\System32\spoolsv.exe
1828 C:\Windows\System32\svchost.exe
328 C:\Windows\System32\dwm.exe
484 C:\Windows\System32\taskeng.exe
2172 C:\Windows\System32\taskeng.exe
2336 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
2392 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2512 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
2544 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2600 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
2652 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
2672 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
2808 C:\Windows\System32\svchost.exe
2840 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2908 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2984 C:\Windows\System32\svchost.exe
3040 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\SearchIndexer.exe
1836 C:\Windows\System32\rundll32.exe
1448 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
2804 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
3076 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
3520 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
3708 C:\Program Files\Windows Defender\MSASCui.exe
3720 C:\Program Files\DellTPad\Apoint.exe
3728 C:\Program Files\IDT\WDM\sttray64.exe
3740 C:\Windows\System32\igfxtray.exe
3772 C:\Windows\System32\hkcmd.exe
3812 C:\Windows\System32\igfxpers.exe
3820 WmiPrvSE.exe
3832 C:\Windows\System32\WLTRAY.EXE
3868 C:\Program Files\Dell\QuickSet\quickset.exe
3928 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3940 C:\Program Files\Windows Sidebar\sidebar.exe
3960 C:\Windows\ehome\ehtray.exe
3968 C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
3976 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3984 C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe
4004 C:\Program Files (x86)\Skype\Phone\Skype.exe
4016 C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
4032 C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
4040 C:\Windows\System32\igfxsrvc.exe
4076 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4084 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
4092 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1708 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
3184 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3204 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
3208 C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
1016 C:\Windows\ehome\ehmsas.exe
4512 C:\Program Files\DellTPad\ApMsgFwd.exe
4648 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
4832 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
4268 C:\Program Files\DellTPad\ApntEx.exe
4312 C:\Windows\System32\wbem\unsecapp.exe
4500 C:\Program Files\DellTPad\hidfind.exe
4824 C:\Program Files\Windows Media Player\wmpnscfg.exe
4792 C:\Program Files\Windows Media Player\wmpnetwk.exe
4752 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
5184 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
5712 C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
3664 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
3616 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
2492 C:\Windows\splwow64.exe
5724 C:\Windows\explorer.exe
2820 C:\Program Files (x86)\Internet Explorer\ieuser.exe
4184 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4188 C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
6892 C:\Windows\System32\SearchProtocolHost.exe
6888 C:\Windows\System32\SearchFilterHost.exe
6196 dllhost.exe
2232 dllhost.exe
2448 C:\Users\lydia\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG000D
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
Done!
thanks
-
You're running two AV programs, McAfee and Avast.
One of them has to go.
If McAfee, make sure to use this tool to uninstall it: Download McAfee Consumer Product Removal Tool 3.5.109.1 Free - Will remove all 2005, 2006, and 2007 versions of McAfee consumer products - Softpedia
==========================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Hi
Thanks for your email
None of the rkill download applications worked. I also tried it in safe mode.
Below is posted the log for combofix. Thanks
ComboFix 11-03-02.05 - lydia 03/03/2011 11:18:50.1.2 - x64
Running from: c:\users\lydia\Desktop\ComboFix.exe
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\lydia\AppData\Roaming\DataSafeDotNet.exe
c:\users\lydia\AppData\Roaming\inst.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\muzapp.exe
c:\windows\SysWow64\muzapp.exe
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.
2011-03-03 11:29 . 2011-03-03 11:35 -------- d-----w- c:\users\lydia\AppData\Local\temp
2011-03-01 14:20 . 2011-02-23 09:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1017EC1-D8F4-499A-9C8F-40D0D3ED1ABA}\mpengine.dll
2011-03-01 14:20 . 2011-02-02 17:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-28 10:30 . 2011-02-28 10:30 -------- d-----w- c:\program files (x86)\MyFree Codec
2011-02-18 22:01 . 2011-02-18 22:01 -------- d-----w- c:\users\lydia\AppData\Roaming\Ashampoo
2011-02-18 22:00 . 2011-02-18 22:00 -------- d-----w- c:\users\lydia\AppData\Local\ashampoo
2011-02-18 22:00 . 2011-02-18 22:00 -------- d-----w- c:\programdata\ashampoo
2011-02-10 12:41 . 2011-02-10 12:41 -------- d-----w- c:\program files (x86)\Cisco
2011-02-10 12:35 . 2011-02-10 12:35 -------- d-----w- c:\users\lydia\AppData\Local\Apps
2011-02-10 12:35 . 2011-02-10 12:36 -------- d-----w- c:\users\lydia\AppData\Local\Deployment
2011-02-03 10:25 . 2011-02-03 10:25 -------- d-----w- c:\users\lydia\AppData\Roaming\SendSpace
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:26 . 2011-01-12 19:21 462848 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 14:57 . 2011-01-12 19:21 409600 ----a-w- c:\windows\SysWow64\odbc32.dll
2010-12-14 16:20 . 2011-01-12 19:26 1251840 ----a-w- c:\windows\system32\sdclt.exe
2010-12-09 11:49 . 2010-12-09 11:49 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"SubVid"="c:\program files (x86)\MindMovies\Subliminal\SubVid.exe" [2008-09-16 139264]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-01-23 274608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-10-12 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 aswSP;avast! Self Protection; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-31 89600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 22096]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 65616]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 172032]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 159840]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 311296]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2008-08-31 392192]
.
Contents of the 'Scheduled Tasks' folder
2011-03-03 c:\windows\Tasks\User_Feed_Synchronization-{799637AF-0274-4478-837D-9BC2F08DF820}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.zooborns.com/
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: {817206D1-7930-4207-BB34-3D07793524A6} = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
****************************************************************************
.
Completion time: 2011-03-03 11:39:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-03 11:39
Pre-Run: 89,679,126,528 bytes free
Post-Run: 92,340,703,232 bytes free
- - End Of File - - 3D6A5F4D157651D2D4EB2C0F7D7E7714
-
Looks good 
How is computer doing?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Hi
just sending through first log.
logfile created on: 04/03/2011 13:27:01 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\lydia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 86.08 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.23 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Computer Name: LYDIA-PC | User Name: lydia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{41F944B4-ECA5-46E0-B532-9080857F6581}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{968F523C-1A8E-4F21-86D7-BD92678F55FF}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A6AFF7-FC1E-4B41-9A87-CF2D176256B6}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{11380512-FC27-497F-9D5C-DD10815978DD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1A48D5C9-45F7-46CB-A5D6-5AE8D8D047C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1C00E171-232D-46AB-9C67-B1359B87B015}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{39FDD2AE-1C22-4B9C-8AF2-FFCF7C0A5B6D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7354FA5F-A09D-4901-BA18-10B6C2115701}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7EBABDCB-6775-4589-AF04-8840B80931F0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{9D2FA61A-2ADC-464C-910A-F4771CAA9815}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A040581C-73FC-4FFD-8580-D7528B077661}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{A4E466DF-42BA-4544-9171-8F85C98EF0CD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{BED1C54F-2CE6-4CD6-967B-52856429D3A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CB54940B-291B-467F-8093-EE76447DDE27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D767B7A8-0F51-4F86-A5AC-57E71DF4850F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EFDDE57C-442E-4BCE-B5FC-6C9D0200AC5D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{B8A43BD3-8DE9-4BB8-876F-F4DF19012BF1}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{7BF5D5FF-F195-445F-9C47-EA7C6D237D7C}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B1DB2FA-9E05-3494-B7CE-16F3236CAE3F}" = Acrobat.com
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3eedf358-81ca-4ee4-84f9-fc218d537052}" = Nero 9 Essentials
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF78B2D8-1347-5107-BA50-BB0E5AF8EA51}" = TMM Semi Subliminal System
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F7854477-09E6-4614-B958-834AD6D64C70}" = Aqua Real 2
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AudibleManager" = AudibleManager
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"FormatFactory" = FormatFactory 2.10
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MyFreeCodec" = MyFreeCodec
"QMPSemiSubliminal.BB61DC16E450457A59954B18068F2098413A936F.1" = TMM Semi Subliminal System
"RealPlayer 12.0" = RealPlayer
"Subliminal" = Subliminal $SUBLIMINAL_VERSION
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1170690294-4168336947-2637714527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 24/02/2011 20:05:30 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Roaming\Microsoft\Windows\Cookies\index.dat failed, 00000005.
Error - 27/02/2011 17:52:50 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat failed,
00000005.
Error - 02/03/2011 17:58:52 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.
Error - 03/03/2011 07:44:09 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\ProgramData\Dell\QuickSet\QSEBLSHARE failed, 00000005.
Error - 03/03/2011 07:55:58 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011030320110304\index.dat
failed, 00000005.
Error - 03/03/2011 07
01 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat failed,
00000005.
Error - 03/03/2011 15:32:06 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms failed, 00000005.
Error - 03/03/2011 15:32:06 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds failed, 00000005.
Error - 03/03/2011 15:32:14 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Roaming\Microsoft\Windows\Cookies\index.dat failed, 00000005.
Error - 03/03/2011 18:37:59 | Computer Name = lydia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\lydia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.
[ Application Events ]
Error - 14/02/2011 16:47:06 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 17:17:06 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 17:17:06 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 17:47:06 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 17:47:06 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 18:04:18 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 18:04:36 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 18:04:44 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 18:04:44 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/02/2011 18:04:51 | Computer Name = lydia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Thanks
Last edited by yellow4; 07-03-2011 at 09:46 AM.
-
Hi
Sorry to email again before you have replied to my last email. I do not think my avast is working as I cannot see the ball moving along the bottom as before. I have updated it with a new registration key. Also was alerted of trojans on the computer from a window which popped up whilst I was on the internet - so hard to tell whether it was a fake. It wanted to do a scan and then told me what was on my computer. Hope you can help.
Thanks
-
You posted Extras.txt twice.
I still need OTL.txt log.