As requested Digerati, all actions completed, logs assigned below.
Here's hoping we can get it resolved at last. Many thanks for your help and patience so far; I'm not the greatest at technology.
Malwarebytes' Anti-Malware 1.51.0.600
www.malwarebytes.org
Database version: 6670
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
25/05/2011 09:18:08
mbam-log-2011-05-25 (09-18-08).txt
Scan type: Quick scan
Objects scanned: 203963
Time elapsed: 2 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8ceed51b-131f-a870-4439-8cec0585f50d} (Adware.Ezula) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CEED51B-131F-A870-4439-8CEC0585F50D} (Adware.Ezula) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8CEED51B-131F-A870-4439-8CEC0585F50D} (Adware.Ezula) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CEED51B-131F-A870-4439-8CEC0585F50D} (Adware.Ezula) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74AF5514-10C5-BE30-991A-AF331D38DCD8} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74AF5514-10C5-BE30-991A-AF331D38DCD8} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{74AF5514-10C5-BE30-991A-AF331D38DCD8} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74AF5514-10C5-BE30-991A-AF331D38DCD8} (Adware.AdRotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\SysWOW64\7d2de886.dll (Adware.Ezula) -> Quarantined and deleted successfully.
c:\Windows\System32\7d2de886.dll (Adware.Ezula) -> Quarantined and deleted successfully.
c:\Windows\System32\eec141ae.exe (Adware.Ezula) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\eec141ae.exe (Adware.Ezula) -> Quarantined and deleted successfully.
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-25 10:00:54
Windows 6.1.7600
Running: xvdkgri6.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d009d8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d009d8@0023d60fa556 0xAB 0xF9 0x82 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d009d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d009d8@0023d60fa556 0xAB 0xF9 0x82 0x8B ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Matthew\Downloads\The Fall Trilogy \x2013 Chapter 1 Separation\The Fall Trilogy - Chapter 1 Separation.exe 1
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Packard Bell
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Packard Bell
System Product Name: ixtreme M5722
Logical Drives Mask: 0x00007ffc
Kernel Drivers (total 203):
0x03201000 \SystemRoot\system32\ntoskrnl.exe
0x037DD000 \SystemRoot\system32\hal.dll
0x00BD1000 \SystemRoot\system32\kdcom.dll
0x00C09000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C4D000 \SystemRoot\system32\PSHED.dll
0x00C61000 \SystemRoot\system32\CLFS.SYS
0x00CBF000 \SystemRoot\system32\CI.dll
0x00EF8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F9C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E57000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E60000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E9D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D7F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00ED4000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00EDB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FAB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FC5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00FCE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EEB000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
0x010BD000 \SystemRoot\system32\drivers\fileinfo.sys
0x010D1000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
0x011B5000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01246000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01401000 \SystemRoot\System32\Drivers\msrpc.sys
0x0145F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01479000 \SystemRoot\System32\Drivers\cng.sys
0x014EC000 \SystemRoot\System32\drivers\pcw.sys
0x014FD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01507000 \SystemRoot\system32\drivers\ndis.sys
0x016E1000 \SystemRoot\system32\drivers\NETIO.SYS
0x01741000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0176C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164C000 \SystemRoot\System32\Drivers\spldr.sys
0x01654000 \SystemRoot\System32\drivers\rdyboost.sys
0x0168E000 \SystemRoot\System32\Drivers\RapportKE64.sys
0x016A1000 \SystemRoot\System32\Drivers\mup.sys
0x016B3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x017B6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x016BC000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x011C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02C19000 \SystemRoot\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
0x02CD9000 \SystemRoot\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
0x02D06000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
0x02D1C000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x03E08000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110524.018\EX64.SYS
0x02D52000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110524.018\ENG64.SYS
0x02D72000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
0x03FF7000 \SystemRoot\System32\Drivers\Null.SYS
0x03E00000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D85000 \SystemRoot\System32\drivers\vga.sys
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Matthew at 10:11:27 on 2011-05-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6143.4539 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLR7DRBI\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig?brand=ACPW&bmod=PBEU
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m5722&r=173601106206p0345v175y48l11387
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m5722&r=173601106206p0345v175y48l11387
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m5722&r=173601106206p0345v175y48l11387
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Matthew\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40306.0076273148
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
mRun-x64: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
mRun-x64: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-19 1127032]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110518.001\IDSviA64.sys [2011-5-19 476792]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-4-28 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-4-28 61200]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-25 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-25 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 lxea_device;lxea_device;C:\Windows\system32\lxeacoms.exe -service --> C:\Windows\system32\lxeacoms.exe -service [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-5-19 130008]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-8-28 240160]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-10 136824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxeaserv.exe [2009-7-29 45736]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-25 08:14:30 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Malwarebytes
2011-05-25 08:14:15 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-25 08:14:14 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-25 08:14:11 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-25 08:14:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-25 07:54:09 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-25 07:54:09 -------- d-----w- C:\ProgramData\Avira
2011-05-25 07:54:09 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-25 07:18:42 -------- d-----w- C:\Users\Matthew\AppData\Local\{F7F297FA-5946-412B-9660-3FDC46EC255A}
2011-05-24 17:28:59 -------- d-----w- C:\Users\Matthew\AppData\Local\{051449D3-FA4B-4DA5-8C85-E159E71F0B1B}
2011-05-23 18:38:06 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-23 18:37:39 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0305000.017
2011-05-23 18:37:39 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2011-05-23 18:37:37 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2011-05-23 17:34:24 -------- d-----w- C:\Users\Matthew\AppData\Local\{BE6522FB-E904-4D65-BF09-D4A05E1999BE}
2011-05-22 19:06:48 -------- d-----w- C:\Users\Matthew\AppData\Local\NPE
2011-05-22 18:24:06 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Tific
2011-05-22 18:19:56 -------- d-----w- C:\Users\Matthew\AppData\Local\{1CA771AA-320F-490B-AACB-98CA98D8FE94}
2011-05-22 09:52:28 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-05-22 09:31:02 -------- d-----w- C:\Users\Matthew\AppData\Local\{0E53D21E-903E-4331-BFE7-5CA77518591E}
2011-05-21 17:15:09 -------- d-----w- C:\Users\Matthew\AppData\Local\{E1E3C4EF-986A-4100-B454-29E4ADFFD196}
2011-05-20 08:19:16 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-20 08:19:04 -------- d-----w- C:\c8641eb25a898e50a1
2011-05-20 08:16:59 235008 ------w- C:\Windows\System32\hgprint.dll
2011-05-20 08:14:39 529408 ------w- C:\Windows\System32\wbemcomn.dll
2011-05-20 08:14:39 1225216 ------w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-20 0747 -------- d-----w- C:\Users\Matthew\AppData\Local\{4F42C30C-D7C2-4931-A9C8-E8AC5F0F24DB}
2011-05-19 08:38:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-19 07:17:19 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
2011-05-19 07:17:19 382584 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-05-19 07:17:18 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-05-19 07:17:18 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
2011-05-19 07:17:18 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-05-19 07:17:18 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
2011-05-19 07:17:12 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-05-19 07:04:25 -------- d-----w- C:\Users\Matthew\AppData\Local\{AB5A9908-023E-4763-80E6-214B50A4DF95}
2011-05-18 18:16:23 -------- d-----w- C:\Users\Matthew\AppData\Local\{FAE1DEF6-68DF-4167-ABD6-4E79D386AACE}
2011-05-18 06:15:19 -------- d-----w- C:\Users\Matthew\AppData\Local\{3C29D021-7872-4F1E-9674-5A3CE900E8DB}
2011-05-17 18:33:39 50327 ----a-w- C:\Windows\SysWow64\caumhtjgqvuubxlv.exe
2011-05-17 17:38:38 -------- d-----w- C:\Users\Matthew\AppData\Local\{E7626B62-01D7-4B9E-A634-29AE5D91FA70}
2011-05-17 16:37:49 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-17 16:37:49 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-16 18:03:02 -------- d-----w- C:\Users\Matthew\AppData\Local\{6D0D4289-8C5C-4D15-BAA4-DC88EDE565CC}
2011-05-15 16:26:01 -------- d-----w- C:\Users\Matthew\AppData\Local\{216FC82C-51B1-4A7A-B838-3D81EBDFFF9F}
2011-05-14 17:08:56 -------- d-----w- C:\Users\Matthew\AppData\Local\{81ABBEA3-6EBA-43A2-BBCC-079EE662DF25}
2011-05-14 16:58:13 -------- d-----w- C:\Users\Matthew\AppData\Roaming\FlyWheelGames
2011-05-14 00:00:25 -------- d-----w- C:\Users\Matthew\AppData\Local\{72A6232C-3083-462E-BFF8-283D95ECF121}
2011-05-13 07:34:08 -------- d-----w- C:\Users\Matthew\AppData\Local\{E4E760F1-DC0C-4510-B300-5540EF6D39BD}
2011-05-12 14:29:01 -------- d-----w- C:\Users\Matthew\AppData\Local\{1F5090AE-3439-4119-9D13-DD74EC845D00}
2011-05-11 18:39:20 -------- d-----w- C:\Users\Matthew\AppData\Local\{A0F9230E-8127-420B-BDE7-847EC5758AEE}
2011-05-11 18:00:54 -------- d-----w- C:\Users\Matthew\AppData\Roaming\EleFun Games
2011-05-11 16:35:00 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 16:34:59 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:34:58 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 16:34:51 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 16:34:51 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 16:34:51 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 16:34:51 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 16:34:50 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 16:34:50 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 16:34:50 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 06:38:45 -------- d-----w- C:\Users\Matthew\AppData\Local\{75681299-F1A9-4681-870B-6A4C44ED1BE9}
2011-05-10 18:03:14 -------- d-----w- C:\Users\Matthew\AppData\Local\{68D3868E-BA46-44E1-84F7-0C3C7C97BC63}
2011-05-09 19:06:10 -------- d-----w- C:\Users\Matthew\AppData\Local\{866DC858-FCB7-4C39-9B12-4A57754AF40A}
2011-05-08 17:15:15 -------- d-----w- C:\Users\Matthew\AppData\Local\{CC2BC940-C10E-456D-853E-FD6E7A744230}
2011-05-07 07:31:00 -------- d-----w- C:\Users\Matthew\AppData\Local\{CA5B9EB7-374E-4573-A7E7-34FCF1C97B55}
2011-05-06 06:45:16 -------- d-----w- C:\Users\Matthew\AppData\Local\{6755AF4C-80D7-46EB-8128-CF69867423EF}
2011-05-05 06:49:24 -------- d-----w- C:\Users\Matthew\AppData\Local\{ED9F446D-22E2-42D0-8146-6EFFAB1000F9}
2011-05-04 06:03:22 -------- d-----w- C:\Users\Matthew\AppData\Local\{DB9A4F2E-C2B2-426D-BC74-B0E084AEC6B0}
2011-04-30 21:43:17 -------- d-----w- C:\Users\Matthew\AppData\Local\{2881F19E-543E-4362-93BB-8FED51F4B9F9}
2011-04-30 15:34:06 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Friday's games
2011-04-30 06:50:20 -------- d-----w- C:\Users\Matthew\AppData\Local\{D01524F1-414F-421B-8FF5-C9DF962390F3}
2011-04-29 1713 -------- d-----w- C:\Users\Matthew\AppData\Local\{596CBF1A-0D4C-4756-910F-E0B435BEC796}
2011-04-28 06:30:53 -------- d-----w- C:\Users\Matthew\AppData\Local\{FD24F022-60F2-44B5-8FFE-F09174CB5236}
2011-04-28 06:30:15 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-28 06:30:15 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-27 08:01:16 -------- d-----w- C:\Users\Matthew\AppData\Local\{EDDE8E5C-96F2-4901-AEE6-CDFD9B1D22B0}
2011-04-26 17:45:23 -------- d-----w- C:\Users\Matthew\AppData\Local\{99E35C2D-3937-45D5-BECA-94882A268729}
2011-04-25 09:23:09 -------- d-----w- C:\Users\Matthew\AppData\Local\iMesh
.
==================== Find3M ====================
.
2011-05-19 07:17:59 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-04-28 13:34:54 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-16 07:09:59 89088 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent(289).dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 16:14:52 771157 ----a-w- C:\ProgramData\SPLF9F7.tmp
2011-03-10 16:12:38 771157 ----a-w- C:\ProgramData\SPL2CD8.tmp
2011-03-08 14:48:38 769321 ----a-w- C:\ProgramData\SPLF552.tmp
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr(282).dll
2011-03-03 06:17:09 356352 ----a-w- C:\Windows\System32\dnsapi(281).dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:29:23 269824 ----a-w- C:\Windows\SysWow64\dnsapi(436).dll
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
.
============= FINISH: 10:11:50.10 ===============
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SkyPlayer for Windows Media Center
Steam
Switch Sound File Converter
TOSHIBA Bluetooth Stack for Apache by CSR
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Videora iPod Converter 5.04
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
25/05/2011 09:20:35, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
25/05/2011 09:20:35, Error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/05/2011 09:07:56, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Packard Bell.
25/05/2011 08:54:32, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
25/05/2011 08:26:15, Error: Service Control Manager [7034] - The lxea_device service terminated unexpectedly. It has done this 1 time(s).
23/05/2011 18:32:54, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
23/05/2011 18:32:28, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
22/05/2011 11:26:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
22/05/2011 11:24:54, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
22/05/2011 11:24:54, Error: SRTSP [4] - Error loading virus definitions.
21/05/2011 18:14:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
20/05/2011 09:41:45, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
20/05/2011 09:39:33, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
19/05/2011 10:10:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
18/05/2011 07:16:50, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
========================================================================
You're not saying what the computer issues are.
You're running two AV programs, Norton and Avira.
One of them has to go.
If Norton, make sure to use this tool to uninstall it: Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support
When done...
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan:
On completion of the scan click "Save log", save it to your desktop and post it in your next reply:
===========================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Apologies broni, I assumed the original info would come over with this, here is how things started:-
Internet Explorer Audio
When I access any video site via Internet Explorer 9, e.g. YouTube or IMDB, I have no audio on the clips. This has only just started to happen; audio is fine on any music or video files held on the PC. Not sure how to correct this.
Then after re-installing Adobe Flash player as suggested:-
Major problems Digerati, please help. I tried System Restore, it didn't work; I got an error message saying it couldn't restore. Then I noticed Norton not showing correctly, just a black screen, nothing to see, Identity Safe not working etc. Internet Explorer keeps freezing; this is the 4th time I've had to type this message. I earlier tried to undo whatever System Restore had done, if anything, and the message I got was that this was successful, but I still have problems. Incidentally, I have tried to uninstall (to re-install) Flash, but the uninstaller kept freezing.
And my last message was that Internet Explorer keeps crashing now on any search, saying there are problems with the web page I am trying to find.
Incidentally, the reason I added Avira was that this was in the instructions I received. I will start to go through your advice and let you know what happens. Right now I can update that, as well as the above problems, my Windows Live has now started to fail and I get the message about not having enough memory when I try to open Word docs!!
Thanks
Quote: Incidentally the reason I added Avira was that this was in the instructions I received
No, the instructions say to install an AV program if you do NOT have one. That's not your case.
Hi broni, actions completed (I hope) as requested, here are the logs
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-26 19:29:37
-----------------------------
19:29:37.794 OS Version: Windows x64 6.1.7600
19:29:37.794 Number of processors: 4 586 0x170A
19:29:37.794 ComputerName: MATTHEW-PC UserName: Matthew
19:29:40.352 Initialize success
19:29:45.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:29:45.516 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
19:29:47.559 Disk 0 MBR read successfully
19:29:47.559 Disk 0 MBR scan
19:29:47.559 Disk 0 Windows 7 default MBR code
19:29:47.559 Service scanning
19:29:53.191 Disk 0 trace - called modules:
19:29:53.207 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
19:29:53.207 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006589060]
19:29:53.222 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005f62e40]
19:29:53.222 5 ACPI.sys[fffff88000efe781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062ee060]
19:29:53.222 Scan finished successfully
19:30:26.247 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"
19:30:26.247 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR.txt"
And the Combofix Log
ComboFix 11-05-23.02 - Matthew 26/05/2011 19:39:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6143.4404 [GMT 1:00]
Running from: c:\users\Matthew\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthew\AppData\Roaming\.#
c:\users\Matthew\AppData\Roaming\Adobe\plugs
K:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 18:37 . 2011-05-26 18:37 -------- d-----w- C:\32788R22FWJFW
2011-05-26 18:04 . 2011-05-26 18:04 -------- d-----w- c:\users\Matthew\AppData\Local\{F3E43DFB-076B-4396-84BD-7FEBB6D28BC0}
2011-05-26 05:26 . 2011-05-26 05:26 -------- d-----w- c:\users\Matthew\AppData\Local\{D54E46B1-3F22-43E1-B238-99CD3F7E76B1}
2011-05-25 15:18 . 2011-05-25 15:18 -------- d-----w- c:\users\Matthew\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-25 13:54 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 09:25 . 2011-05-25 09:25 -------- d-----w- c:\users\Matthew\AppData\Local\Mozilla
2011-05-25 09:16 . 2011-05-25 09:16 -------- d-----w- c:\users\Matthew\AppData\Roaming\Avira
2011-05-25 08:14 . 2011-05-25 08:14 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes
2011-05-25 08:14 . 2011-05-18 12:41 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-25 08:14 . 2011-05-25 08:14 -------- d-----w- c:\programdata\Malwarebytes
2011-05-25 08:14 . 2011-05-25 08:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-25 08:14 . 2011-05-18 12:41 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 07:54 . 2011-05-25 07:54 -------- d-----w- c:\programdata\Avira
2011-05-25 07:54 . 2011-05-25 07:54 -------- d-----w- c:\program files (x86)\Avira
2011-05-25 07:54 . 2011-04-01 16:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-25 07:54 . 2011-04-01 16:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-25 07:18 . 2011-05-25 07:18 -------- d-----w- c:\users\Matthew\AppData\Local\{F7F297FA-5946-412B-9660-3FDC46EC255A}
2011-05-24 17:28 . 2011-05-24 17:29 -------- d-----w- c:\users\Matthew\AppData\Local\{051449D3-FA4B-4DA5-8C85-E159E71F0B1B}
2011-05-23 18:38 . 2010-08-21 03:59 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-23 18:37 . 2011-05-23 18:37 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2011-05-23 18:37 . 2011-05-23 18:37 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2011-05-23 17:34 . 2011-05-23 17:34 -------- d-----w- c:\users\Matthew\AppData\Local\{BE6522FB-E904-4D65-BF09-D4A05E1999BE}
2011-05-22 19:06 . 2011-05-22 19:06 -------- d-----w- c:\users\Matthew\AppData\Local\NPE
2011-05-22 18:24 . 2011-05-22 18:24 -------- d-----w- c:\users\Matthew\AppData\Roaming\Tific
2011-05-22 18:19 . 2011-05-22 18:20 -------- d-----w- c:\users\Matthew\AppData\Local\{1CA771AA-320F-490B-AACB-98CA98D8FE94}
2011-05-22 09:52 . 2011-05-22 09:52 -------- d-----w- c:\windows\SysWow64\Adobe
2011-05-22 09:50 . 2011-05-22 09:57 -------- d-----w- c:\programdata\NOS
2011-05-22 09:50 . 2011-05-22 09:50 -------- d-----w- c:\program files (x86)\NOS
2011-05-22 09:31 . 2011-05-22 09:31 -------- d-----w- c:\users\Matthew\AppData\Local\{0E53D21E-903E-4331-BFE7-5CA77518591E}
2011-05-21 17:15 . 2011-05-21 17:15 -------- d-----w- c:\users\Matthew\AppData\Local\{E1E3C4EF-986A-4100-B454-29E4ADFFD196}
2011-05-20 08:19 . 2011-05-20 08:19 -------- d-----w- c:\windows\system32\EventProviders
2011-05-20 08:19 . 2011-05-22 10:18 -------- d-----w- C:\c8641eb25a898e50a1
2011-05-20 08:16 . 2010-11-20 13:26 235008 ------w- c:\windows\system32\hgprint.dll
2011-05-20 08:14 . 2010-11-20 13:27 529408 ------w- c:\windows\system32\wbemcomn.dll
2011-05-20 08:14 . 2010-11-20 13:27 1225216 ------w- c:\windows\system32\wbem\wbemcore.dll
2011-05-20 07:56 . 2011-05-20 07:57 -------- d-----w- c:\users\Matthew\AppData\Local\{4F42C30C-D7C2-4931-A9C8-E8AC5F0F24DB}
2011-05-19 08:38 . 2011-05-19 08:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 08:38 . 2011-02-02 20:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-19 07:17 . 2011-05-26 18:23 -------- d-----w- c:\windows\system32\drivers\N360x64\0501000.01D
2011-05-19 07:04 . 2011-05-19 07:04 -------- d-----w- c:\users\Matthew\AppData\Local\{AB5A9908-023E-4763-80E6-214B50A4DF95}
2011-05-18 18:16 . 2011-05-18 18:16 -------- d-----w- c:\users\Matthew\AppData\Local\{FAE1DEF6-68DF-4167-ABD6-4E79D386AACE}
2011-05-18 06:15 . 2011-05-18 06:15 -------- d-----w- c:\users\Matthew\AppData\Local\{3C29D021-7872-4F1E-9674-5A3CE900E8DB}
2011-05-17 18:34 . 2011-05-17 18:34 -------- d-----w- c:\users\Matthew\AppData\Roaming\Games
2011-05-17 18:33 . 2011-05-17 18:33 50327 ----a-w- c:\windows\SysWow64\caumhtjgqvuubxlv.exe
2011-05-17 17:38 . 2011-05-17 17:38 -------- d-----w- c:\users\Matthew\AppData\Local\{E7626B62-01D7-4B9E-A634-29AE5D91FA70}
2011-05-17 16:37 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 16:37 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-16 18:03 . 2011-05-16 18:03 -------- d-----w- c:\users\Matthew\AppData\Local\{6D0D4289-8C5C-4D15-BAA4-DC88EDE565CC}
2011-05-15 23:10 . 2011-05-23 17:31 -------- d-----w- c:\users\Dodgy Doi
2011-05-15 16:26 . 2011-05-15 16:26 -------- d-----w- c:\users\Matthew\AppData\Local\{216FC82C-51B1-4A7A-B838-3D81EBDFFF9F}
2011-05-14 17:08 . 2011-05-14 17:09 -------- d-----w- c:\users\Matthew\AppData\Local\{81ABBEA3-6EBA-43A2-BBCC-079EE662DF25}
2011-05-14 16:58 . 2011-05-14 16:58 -------- d-----w- c:\users\Matthew\AppData\Roaming\FlyWheelGames
2011-05-14 00:00 . 2011-05-14 00:00 -------- d-----w- c:\users\Matthew\AppData\Local\{72A6232C-3083-462E-BFF8-283D95ECF121}
2011-05-13 07:34 . 2011-05-13 07:34 -------- d-----w- c:\users\Matthew\AppData\Local\{E4E760F1-DC0C-4510-B300-5540EF6D39BD}
2011-05-12 14:29 . 2011-05-12 14:29 -------- d-----w- c:\users\Matthew\AppData\Local\{1F5090AE-3439-4119-9D13-DD74EC845D00}
2011-05-11 18:39 . 2011-05-11 18:39 -------- d-----w- c:\users\Matthew\AppData\Local\{A0F9230E-8127-420B-BDE7-847EC5758AEE}
2011-05-11 18:00 . 2011-05-11 18:00 -------- d-----w- c:\users\Matthew\AppData\Roaming\EleFun Games
2011-05-11 16:35 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 16:34 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:34 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 16:34 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 16:34 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 16:34 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 16:34 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 16:34 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 16:34 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 16:34 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 06:38 . 2011-05-11 06:38 -------- d-----w- c:\users\Matthew\AppData\Local\{75681299-F1A9-4681-870B-6A4C44ED1BE9}
2011-05-10 18:03 . 2011-05-10 18:03 -------- d-----w- c:\users\Matthew\AppData\Local\{68D3868E-BA46-44E1-84F7-0C3C7C97BC63}
2011-05-09 19:06 . 2011-05-09 19:06 -------- d-----w- c:\users\Matthew\AppData\Local\{866DC858-FCB7-4C39-9B12-4A57754AF40A}
2011-05-08 17:15 . 2011-05-08 17:15 -------- d-----w- c:\users\Matthew\AppData\Local\{CC2BC940-C10E-456D-853E-FD6E7A744230}
2011-05-07 07:31 . 2011-05-07 07:31 -------- d-----w- c:\users\Matthew\AppData\Local\{CA5B9EB7-374E-4573-A7E7-34FCF1C97B55}
2011-05-06 06:45 . 2011-05-06 06:45 -------- d-----w- c:\users\Matthew\AppData\Local\{6755AF4C-80D7-46EB-8128-CF69867423EF}
2011-05-05 06:49 . 2011-05-05 06:49 -------- d-----w- c:\users\Matthew\AppData\Local\{ED9F446D-22E2-42D0-8146-6EFFAB1000F9}
2011-05-04 06:03 . 2011-05-04 06:04 -------- d-----w- c:\users\Matthew\AppData\Local\{DB9A4F2E-C2B2-426D-BC74-B0E084AEC6B0}
2011-04-30 21:43 . 2011-04-30 21:43 -------- d-----w- c:\users\Matthew\AppData\Local\{2881F19E-543E-4362-93BB-8FED51F4B9F9}
2011-04-30 15:34 . 2011-04-30 15:34 -------- d-----w- c:\users\Matthew\AppData\Roaming\Friday's games
2011-04-30 06:50 . 2011-04-30 06:50 -------- d-----w- c:\users\Matthew\AppData\Local\{D01524F1-414F-421B-8FF5-C9DF962390F3}
2011-04-29 17:21 . 2011-04-29 17:21 -------- d-----w- c:\users\Matthew\AppData\Local\{596CBF1A-0D4C-4756-910F-E0B435BEC796}
2011-04-29 02:22 . 2011-04-29 02:22 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2011-04-28 06:30 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 06:30 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-27 08:01 . 2011-04-27 08:01 -------- d-----w- c:\users\Matthew\AppData\Local\{EDDE8E5C-96F2-4901-AEE6-CDFD9B1D22B0}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 13:34 . 2011-01-07 11:10 64272 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-16 07:10 . 2011-03-16 07:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 07:10 . 2011-03-16 07:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 07:10 . 2011-03-16 07:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 07:10 . 2011-03-16 07:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 07:10 . 2011-03-16 07:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 07:10 . 2011-03-16 07:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 07:10 . 2011-03-16 07:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 07:10 . 2011-03-16 07:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 07:10 . 2011-03-16 07:10 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 07:10 . 2011-03-16 07:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 07:10 . 2011-03-16 07:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 07:10 . 2011-03-16 07:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 07:10 . 2011-03-16 07:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 07:10 . 2011-03-16 07:10 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 07:10 . 2011-03-16 07:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 07:10 . 2011-03-16 07:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 07:10 . 2011-03-16 07:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 07:10 . 2011-03-16 07:10 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 07:10 . 2011-03-16 07:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 07:10 . 2011-03-16 07:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 07:10 . 2011-03-16 07:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 07:09 . 2011-03-16 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 07:09 . 2011-03-16 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 07:09 . 2011-03-16 07:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 07:09 . 2011-03-16 07:09 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 07:09 . 2011-03-16 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 07:09 . 2011-03-16 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 07:09 . 2011-03-16 07:09 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 07:09 . 2011-03-16 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 07:09 . 2011-03-16 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 07:09 . 2011-03-16 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 07:09 . 2011-03-16 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 07:09 . 2011-03-16 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 07:09 . 2011-03-16 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 07:09 . 2011-03-16 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 07:09 . 2011-03-16 07:09 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 07:09 . 2011-03-16 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 07:09 . 2011-03-16 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 07:09 . 2011-03-16 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 07:09 . 2011-03-16 07:09 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-16 07:09 . 2011-03-16 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 07:09 . 2011-03-16 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-11 06:19 . 2011-04-13 23:04 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 23:04 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 23:04 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 23:04 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-10 16:14 . 2011-03-10 16:14 771157 ----a-w- c:\programdata\SPLF9F7.tmp
2011-03-10 16:12 . 2011-03-10 16:12 771157 ----a-w- c:\programdata\SPL2CD8.tmp
2011-03-09 19:11 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 14:48 . 2011-03-08 14:48 769321 ----a-w- c:\programdata\SPLF552.tmp
2011-03-08 06:14 . 2011-04-13 23:04 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 23:04 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 06:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 06:31 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-13 23:04 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:17 . 2011-04-13 23:04 182272 ----a-w- c:\windows\system32\dnsrslvr(282).dll
2011-03-03 06:17 . 2011-04-13 23:04 356352 ----a-w- c:\windows\system32\dnsapi(281).dll
2011-03-03 06:14 . 2011-04-13 23:04 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:29 . 2011-04-13 23:04 269824 ----a-w- c:\windows\SysWow64\dnsapi(436).dll
2011-03-03 05:27 . 2011-04-13 23:04 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 23:04 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 16:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2009-9-30 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-04-28 52496]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-04-28 61200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-01-07 1052328]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1caa254798ee59c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 08:45]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 08:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2009-04-27 139944]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2009-04-27 766632]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?brand=ACPW&bmod=PBEU
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m5722&r=173601106206p0345v175y48l11387
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Matthew\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\rb99j2jo.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
SafeBoot-SolutoService
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-26 19:50:04
ComboFix-quarantined-files.txt 2011-05-26 18:50
.
Pre-Run: 322,848,722,944 bytes free
Post-Run: 322,557,239,296 bytes free
.
- - End Of File - - 639A0B53515982FDCC54144C8FD5D6E5
Please, let's hope I did it right this time. Catch you soon, broni.
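The service/driver block of the ComboFix log above is the part a helper reads first, and it has a regular shape that lends itself to a triage script. The following Python is an added example written for this page; it is not ComboFix's code and not part of either poster's reply. It parses lines of the form `<R|S><start type> <name>;<display name>;<path> [<date> <size>]` and flags entries worth a manual look. Assumptions: the five real lines are copied from the log above and the `updhelper` line is constructed so that the "outside Program Files" branch fires; I read ComboFix's `[x]` as "no file date/size recorded", which in practice usually means the file was not present at the listed path, but that reading is an assumption, not a documented meaning.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: five service/driver lines copied from the ComboFix
# log above, plus one made-up line (updhelper) so the "outside trusted roots"
# branch is exercised. In practice paste the whole R*/S* block in.
SAMPLE_LOG = """\
R2 gupdate;Google Update Service (gupdate);c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2010-01-31 135664]
R3 PAC207;SoC PC-Camera;c:\\windows\\system32\\DRIVERS\\PFC027.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\\windows\\System32\\Drivers\\PxHlpa64.sys [x]
S2 lxea_device;lxea_device;c:\\windows\\system32\\lxeacoms.exe [2010-01-07 1052328]
S2 Updater Service;Updater Service;c:\\program files\\Packard Bell\\Packard Bell Updater\\UpdaterService.exe [2009-07-04 240160]
R2 updhelper;Update Helper;c:\\users\\public\\updhelper.exe [2011-05-20 40960]
"""

# <R|S><start type> <name>;<display name>;<image path> [<date> <size>]  or  [x]
LINE_RE = re.compile(
    r'^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$')


@dataclass
class ServiceEntry:
    running: bool          # R = running, S = stopped
    start_type: int        # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        # ComboFix prints [x] instead of a date/size when it recorded no file data
        # (assumption: that normally means the file was not found at this path)
        return self.file_date is None


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # headers, '.' separators, unrelated lines
        state, start, name, display, path, meta = m.groups()
        if meta == 'x':
            date, size = None, None
        else:
            d, s = meta.split()
            date, size = d, int(s)
        entries.append(ServiceEntry(state == 'R', int(start), name, display, path, date, size))
    return entries


# Image paths outside these roots are unusual for a service and deserve a look.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """Heuristic flags for manual follow-up; a flag means 'look at this', not 'malicious'."""
    findings = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append('[x]: no date/size recorded, confirm the file exists at this path')
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append('image outside Windows and Program Files')
        if e.start_type in (0, 1) and not e.path.lower().endswith('.sys'):
            reasons.append('boot/system start but not a .sys driver')
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in triage(parse_combofix_services(SAMPLE_LOG)):
        print(f'{name}: ' + '; '.join(reasons))
```

Run against the sample, the script flags PAC207 and PxHlpa64 (both `[x]`) and the constructed updhelper entry (image under c:\users\public); gupdate, lxea_device and the Packard Bell updater pass. A flag is a prompt to check the file on disk, its signature and its vendor, which is what the helper in this thread does by eye.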
Looks good
Uninstall Ask Toolbar, known foistware.
Download OTL to your Desktop.
- Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
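The custom-scan list in the instructions above is a set of file globs, registry items and two `dir | find` counts that OTL expands and reports. As an added example for this page (not OTL's code and not part of broni's post), the Python below reproduces the same kind of sweep so that a reader can see what each line of that list is asking for: `%VAR%` expansion, a glob over locations malware commonly abuses, a count of executables whose names contain a space (the `dir /b ... | find /i " " /c` lines), and the two Windows Update registry items. Assumptions: Python 3 on Windows for the file and registry parts (the registry function returns None elsewhere), and `CUSTOM_SCAN` is a subset of the posted list chosen for illustration.

```python
import glob
import os
import re
import sys
from typing import Dict, Iterable, List, Optional, Tuple

# A subset of the OTL custom-scan list from the post; %VAR% is expanded below.
CUSTOM_SCAN = [
    r'%systemroot%\Fonts\*.exe',
    r'%systemroot%\Fonts\*.dll',
    r'%systemroot%\Fonts\*.com',
    r'%systemroot%\*.scr',
    r'%systemroot%\system32\*.jpg',
    r'%systemroot%\system32\system32\*.*',
    r'%systemroot%\system32\DLL\*.*',
    r'%systemroot%\AppPatch\Custom\*.*',
    r'%SYSTEMROOT%\inf\*.exe',
    r'%SYSTEMROOT%\Installer\*.exe',
    r'%APPDATA%\Update\*.*',
    r'%USERPROFILE%\*.exe',
]

_VAR_RE = re.compile(r'%([^%]+)%')


def expand_pattern(pattern: str, env: Dict[str, str]) -> str:
    """Expand %VAR% case-insensitively from env; unknown variables are left as-is."""
    lookup = {k.lower(): v for k, v in env.items()}

    def sub(m: re.Match) -> str:
        return lookup.get(m.group(1).lower(), m.group(0))

    return _VAR_RE.sub(sub, pattern)


def sweep(patterns: Iterable[str], env: Dict[str, str]) -> List[Tuple[str, int, float]]:
    """Return (path, size, mtime) for every regular file matching the expanded patterns."""
    hits = []
    for p in patterns:
        full = os.path.normpath(expand_pattern(p, env))
        for path in glob.glob(full):
            if os.path.isfile(path):
                st = os.stat(path)
                hits.append((path, st.st_size, st.st_mtime))
    return hits


def count_names_with_space(names: Iterable[str]) -> int:
    """Equivalent of:  dir /b "%systemroot%\\system32\\*.exe" | find /i " " /c"""
    return sum(1 for n in names if ' ' in n)


def windows_update_state() -> Optional[Dict[str, object]]:
    """The two registry items from the custom scan; Windows only (None elsewhere)."""
    if sys.platform != 'win32':
        return None
    import winreg
    out: Dict[str, object] = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU') as k:
            i = 0
            while True:
                try:
                    name, val, _ = winreg.EnumValue(k, i)
                except OSError:
                    break
                out['AU\\' + name] = val
                i += 1
    except OSError:
        out['AU'] = 'no policy key'
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
                            r'\Auto Update\Results\Install') as k:
            out['LastSuccessTime'] = winreg.QueryValueEx(k, 'LastSuccessTime')[0]
    except OSError:
        out['LastSuccessTime'] = 'not recorded'
    return out


if __name__ == '__main__':
    env = dict(os.environ)
    for path, size, mtime in sweep(CUSTOM_SCAN, env):
        print(f'{path}\t{size}\t{mtime:.0f}')
    sysroot = env.get('SystemRoot', r'C:\Windows')
    for d in (os.path.join(sysroot, 'system32'), sysroot):
        names = [n for n in os.listdir(d) if n.lower().endswith('.exe')] if os.path.isdir(d) else []
        print(f'{d}: {count_names_with_space(names)} .exe names containing a space')
    print(windows_update_state())
```

The space-in-name count matters because a legitimate Windows executable in system32 almost never has a space in its filename, so a non-zero count is a cheap pointer to a dropped file; the Windows Update items show whether update policy has been tampered with and when updates last succeeded, both common casualties of an infection.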
Hi broni, not able to uninstall Ask yet, as I get an error message saying it is unable to uninstall because Windows Installer may not be installed correctly.
When I run OTL I just get what appears to be a text box; there are no buttons?
Delete your OTL file and download a fresh one.
Did that. I still just get an empty box that looks like a text box; I tried to copy the image into this message but I can't do it.