
Solved wuauclt.exe is BUGGING my computer!

Discussion in 'Malware and Virus Removal Archive' started by scgoh123, 2010/08/15.

  1. 2010/08/15
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    [Solved] wuauclt.exe is BUGGING my computer!

    wuauclt.exe is an update process for WinME.

    Since I am using XP, wuauclt.exe is not necessary for XP. Although I saw wuauclt.exe in the Processes tab (Windows Task Manager), I just ignored it because its memory usage was below 1000K.

    After I adjusted the clock, something went wrong. The computer seems to be running very slowly, and I was unable to browse my documents and music (it responds very slowly, taking almost 5 mins to complete). When I checked Task Manager, the memory usage of wuauclt.exe was HIGH, UP TO 100,000K!!!!! I went to kill the process but failed. The only way to stop it is via Services.msc.

    After a restart, wuauclt.exe is acting abnormally. Sometimes the memory usage is as low as 76K, but sometimes as high as 100,000K!!!!!!! I suspect that wuauclt.exe is some kind of worm or virus.

    I know that I have to post DDS log, but before that, I want to ask: I clicked the two mirrors to download DDS log.

    1. Is it normal that the file extension is .scr or .pif???
    2. Is it okay to download to My Documents, then move it to the Desktop??
    (Because I am using Google Chrome, the default place for saving all the downloads is My Documents)
     
  2. 2010/08/15
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    DDS file extension is .scr
    Yes, you can download to anywhere provided you run from the desktop. Not a shortcut either, but the actual file :)

    Post all requested logs please.
     


  4. 2010/08/15
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    dds first log(DDS.txt)

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Admin at 2:01:56.73 on Fri 08/13/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.53 [GMT 9:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.my/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\admin\application data\flashgetbho\FlashGetBHO3.dll
    BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - d:\oald8\quickfind\plugins\IEHelp.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [ViStart] c:\progra~1\vistart\VISTART.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
    IE: Download all by FlashGet3 - c:\documents and settings\admin\application data\flashgetbho\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\admin\application data\flashgetbho\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: ?????? - c:\program files\thunder network\thunder\program\geturl.htm
    IE: ?????????? - c:\program files\thunder network\thunder\program\getallurl.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2003-12-9 10368]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-18 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-18 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-18 40384]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-18 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-18 40384]
    R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
    R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
    R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
    S2 AntiVirUpgradeService;Avira Upgrade Service; "c:\docume~1\admin\locals~1\temp\avsetup_49531f86\basic\avupgsvc.exe" /tempstart:" "c:\docume~1\admin\locals~1\temp\avsetup_49531f86\basic\setup.exe" /notempcleanup /crossupgrade" --> c:\docume~1\admin\locals~1\temp\avsetup_49531f86\basic\avupgsvc.exe [?]
    S2 gupdate1c9611b8690831e;Google Update Service (gupdate1c9611b8690831e);c:\program files\google\update\GoogleUpdate.exe [2008-12-18 133104]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-06-01 19:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-01 19:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-01 19:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 02:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 02:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 02:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 02:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 02:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2008-12-20 20:13:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122120081222\index.dat

    ============= FINISH: 2:03:28.68 ===============
     
  5. 2010/08/15
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    dds second log (attach.txt)

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/17/2008 1:15:28 PM
    System Uptime: 8/12/2010 3:16:44 PM (11 hours ago)

    Motherboard: Acer | | L4S5MGX
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 478 | 2018/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 19 GiB total, 4.121 GiB free.
    D: is FIXED (FAT32) - 19 GiB total, 8.645 GiB free.
    E: is CDROM ()
    G: is Removable
    R: is FIXED (FAT) - 0 GiB total, 0.014 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {78A1C341-4539-11D3-B88D-00C04FAD5171}
    Description: Ramdisk Driver
    Device ID: ROOT\SAMPLE\0001
    Manufacturer: Microsoft
    Name: Ramdisk Driver
    PNP Device ID: ROOT\SAMPLE\0001
    Service: RRamdisk

    ==== System Restore Points ===================

    RP209: 5/17/2010 10:39:04 PM - Restore Operation
    RP210: 5/17/2010 11:57:51 PM - Installed Microsoft Office Enterprise 2007
    RP211: 5/18/2010 12:01:50 AM - Installed Microsoft Office Enterprise 2007
    RP212: 5/19/2010 7:50:36 AM - System Checkpoint
    RP213: 8/12/2010 9:11:18 AM - System Checkpoint

    ==== Installed Programs ======================


    ÓÎ÷Öùú°Ã™±¦Ãä
    ´Ã³¸»ÃŽÃŒ(Rich) V4
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Artweaver 1.0
    Askey HSFi V.90(V.92) 56K PCI Modem
    Aspire Screen Saver
    avast! Free Antivirus
    BitTorrent
    Bookworm (remove only)
    BookWorm Deluxe 1.03
    Bookworm Deluxe 1.13
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    DNA
    FlashGet 3.5
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HyperCam 2
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6 Update 1
    Lexmark Skin: Helix
    Lexmark Supplies Monitor
    Lexmark Z25-Z35
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    NVIDIA Drivers
    OGA Notifier 1.7.0105.35.0
    Oxford Advanced Learner's Dictionary - 8th Edition
    Pando Media Booster
    PvP-RO Client
    QUICKfind server v1.1
    Ragnarok Sakray
    RaidenII (Remove only, requires CD)
    RealPlayer
    RealUpgrade 1.0
    Science Form 2 MyCD Volume 1
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb983486)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    V3750 Digital Camera Driver
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Yahoo! BrowserPlus
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    8/12/2010 4:32:33 AM, error: Service Control Manager [7000] - The Avira Upgrade Service service failed to start due to the following error: The system cannot find the path specified.
    8/12/2010 4:30:36 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000AE60CAB1D has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    8/12/2010 3:30:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Recycled' on the volume 'HarddiskVolumeRD'. It has stopped monitoring the volume.

    ==== End Of File ===========================
     
  6. 2010/08/15
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    C:\WINDOWS\system32\wuauclt.exe

    ====

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    Post new HJT log.
     
  7. 2010/08/20
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    Results from jotti's malware scan:
    Filename: wuauclt.exe
    Status:
    Scan finished. 0 out of 19 scanners reported malware.
    Scan taken on: Mon 16 Aug 2010 13:31:50 (CET)
    File size: 53472 bytes
    Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5: 62bb79160f86cd962f312c68c6239bfd
    SHA1: c2de8148e1a8e8f097e3a40232ddb04efd0a7cc6
     
  8. 2010/08/20
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    But when I browsed the Windows folder, I found wuauclt.exe and wuauclt1.exe. Is it a virus??

    Will the anti-malware program crash with AV software??

    "Post new HJT log": is that a new DDS log, or should I download the HijackThis software to create a log??
     
  9. 2010/08/20
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    wuauclt.exe is a Microsoft file. I have it on my Windows 7. As long as it resides in the system32 folder, it's legit.
    High memory usage means it is checking for updates.

    Sorry about the HJT bit. Ignore that and just run MBA-M please, although I suspect it will find nothing.
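
The location check from the reply above, applied to the "Running Processes" section of a DDS log (an added example, not part of the original thread and not code from DDS). The watch list `SYSTEM32_ONLY`, the function names and the `Temp\wuauclt.exe` line in the sample are assumptions constructed for illustration; the other sample lines are taken from the log posted earlier.

```python
import ntpath
import re

# Binary names this example expects only in C:\WINDOWS\system32.
# Assumed short list for illustration, not a complete inventory.
SYSTEM32_ONLY = {"wuauclt.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe"}
EXPECTED_DIR = r"c:\windows\system32"  # install path as shown in the posted log

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
EXT_RE = re.compile(r"^(.*?\.(?:exe|scr|com|pif))(?=\s|$)", re.IGNORECASE)


def running_processes(dds_text):
    """Yield the non-empty lines of the 'Running Processes' section."""
    in_section = False
    for line in dds_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if in_section and line:
            yield line


def image_path(line):
    """Strip command-line arguments from a DDS process line.

    Paths may contain spaces, so cut after the first executable extension;
    if there is none (DDS prints 'svchost -k ...'), cut at the first switch.
    """
    match = EXT_RE.match(line)
    if match:
        return match.group(1)
    return re.split(r"\s+[-/]", line, maxsplit=1)[0]


def classify(line):
    """Return (verdict, image) for one process line."""
    image = image_path(line)
    name = ntpath.basename(image).lower()
    if not ntpath.splitext(name)[1]:
        name += ".exe"  # 'svchost' in the log means svchost.exe
    if name not in SYSTEM32_ONLY:
        return "other", image
    directory = ntpath.dirname(image).lower()
    if not directory:
        # DDS listed only the file name; the location has to be confirmed
        # some other way before drawing a conclusion.
        return "no-path", image
    if directory == EXPECTED_DIR:
        return "expected", image
    return "unexpected-location", image


def audit(dds_text):
    """List (verdict, image) for every watched binary in the log."""
    results = [classify(line) for line in running_processes(dds_text)]
    return [r for r in results if r[0] != "other"]


# Constructed sample: real lines from the posted log plus one constructed
# line (the Temp copy of wuauclt.exe) to show what a mismatch looks like.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Local Settings\Temp\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for verdict, image in audit(SAMPLE_DDS):
        print(f"{verdict:20} {image}")
```

A path match only says where the image was loaded from; in this thread it is paired with the multi-engine scan of the file requested earlier.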
     
  10. 2010/08/21
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    I did the mbam setup process. Is it okay for it to be located on the C: drive and then run from a shortcut on the desktop??

    Do I need to re-run dds after restarting??
     
    Last edited: 2010/08/21
  11. 2010/08/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    MBA-M will install itself to Program Files. It is ok to run it from a shortcut on the desktop :).
    Other than the wuauclt file, are you having any obvious malware problems?
     
  12. 2010/08/21
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    I don't know. But recently, I saw 7 svchost.exe running in the background!!!!!
    mbam results:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4456

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/13/2010 1:13:24 PM
    mbam-log-2010-08-13 (13-13-24).txt

    Scan type: Full scan (C:\|D:\|Q:\|R:\|)
    Objects scanned: 222306
    Time elapsed: 1 hour(s), 29 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 27
    Files Infected: 163

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\chrome\locale (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\chrome\locale\en-US (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\searchplugins (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\components (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.6.1.7000 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\bin (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\{4B7788ED-BF55-41B7-98E0-92442036B28E}\OFFLINE\EB91CE86\3E688669\stbdl.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\4b6752554c03dd13115a0078de71aa4d.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\2154df11395ea0249c4c54961007ff8a.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading_bg.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading_logo.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\Thumbs.db (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\chrome\DesktopSmileyToolbar.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\chrome\locale\en-US\global.dtd (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\searchplugins\desktopsmileysearchplugins.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\components\DDAutoComplete.js (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\FFToolbar\components\ISmileyCore.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\001EF5A8.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\bin\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Data\nsm.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\4b6752554c03dd13115a0078de71aa4d.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\2154df11395ea0249c4c54961007ff8a.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading_bg.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Cache\loading_logo.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
     
  13. 2010/08/21
    scgoh123 Well-Known Member Thread Starter

    new dds log:



    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Admin at 14:38:11.79 on Fri 08/13/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.25 [GMT 9:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.my/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\admin\application data\flashgetbho\FlashGetBHO3.dll
    BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - d:\oald8\quickfind\plugins\IEHelp.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [ViStart] c:\progra~1\vistart\VISTART.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
    IE: &Search
    IE: Download all by FlashGet3 - c:\documents and settings\admin\application data\flashgetbho\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\admin\application data\flashgetbho\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: ?????? - c:\program files\thunder network\thunder\program\geturl.htm
    IE: ?????????? - c:\program files\thunder network\thunder\program\getallurl.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2003-12-9 10368]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-18 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-18 19024]
    R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
    R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
    R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]

    =============== Created Last 30 ================

    2010-08-13 02:38:49 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-08-13 02:38:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-13 02:38:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-13 02:38:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-13 02:38:15 0 d-----w- C:\Malwarebytes' Anti-Malware
    2010-08-12 20:24:03 1374 ----a-w- c:\windows\imsins.BAK
    2010-08-12 02:01:51 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-11 18:07:50 0 d-----w- c:\program files\PaintTool SAI English Pack

    ==================== Find3M ====================

    2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:02 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:02 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:00 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:22:00 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:22:00 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:56 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-24 08:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:10 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:12 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-21 15:27:12 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:46 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-06-01 19:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-01 19:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-01 19:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 02:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 02:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 02:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 02:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 02:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2008-12-20 20:13:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122120081222\index.dat

    ============= FINISH: 14:39:35.06 ===============
     
  14. 2010/08/21
    scgoh123

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/17/2008 1:15:28 PM
    System Uptime: 8/13/2010 1:16:22 PM (1 hours ago)

    Motherboard: Acer | | L4S5MGX
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 478 | 2017/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 19 GiB total, 3.053 GiB free.
    D: is FIXED (FAT32) - 19 GiB total, 8.645 GiB free.
    E: is CDROM ()
    G: is Removable
    R: is FIXED (FAT) - 0 GiB total, 0.015 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {78A1C341-4539-11D3-B88D-00C04FAD5171}
    Description: Ramdisk Driver
    Device ID: ROOT\SAMPLE\0001
    Manufacturer: Microsoft
    Name: Ramdisk Driver
    PNP Device ID: ROOT\SAMPLE\0001
    Service: RRamdisk

    ==== System Restore Points ===================

    RP209: 5/17/2010 10:39:04 PM - Restore Operation
    RP210: 5/17/2010 11:57:51 PM - Installed Microsoft Office Enterprise 2007
    RP211: 5/18/2010 12:01:50 AM - Installed Microsoft Office Enterprise 2007
    RP212: 5/19/2010 7:50:36 AM - System Checkpoint
    RP213: 8/12/2010 9:11:18 AM - System Checkpoint
    RP214: 8/13/2010 5:12:44 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    ÓÎ÷Öùú°Ã™±¦Ãä
    ´Ã³¸»ÃŽÃŒ(Rich) V4
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Artweaver 1.0
    Askey HSFi V.90(V.92) 56K PCI Modem
    Aspire Screen Saver
    avast! Free Antivirus
    BitTorrent
    Bookworm (remove only)
    BookWorm Deluxe 1.03
    Bookworm Deluxe 1.13
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    DNA
    FlashGet 3.5
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HyperCam 2
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6 Update 1
    Lexmark Skin: Helix
    Lexmark Supplies Monitor
    Lexmark Z25-Z35
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    NVIDIA Drivers
    OGA Notifier 1.7.0105.35.0
    Oxford Advanced Learner's Dictionary - 8th Edition
    Pando Media Booster
    PvP-RO Client
    QUICKfind server v1.1
    Ragnarok Sakray
    RaidenII (Remove only, requires CD)
    RealPlayer
    RealUpgrade 1.0
    Science Form 2 MyCD Volume 1
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    V3750 Digital Camera Driver
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Yahoo! BrowserPlus
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    8/13/2010 6:01:57 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/13/2010 5:46:15 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office InfoPath 2007 (KB979441).
    8/13/2010 5:46:06 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    8/13/2010 5:14:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'MSI66db8.tmp' on the volume 'HarddiskVolumeRD'. It has stopped monitoring the volume.
    8/13/2010 4:52:10 AM, error: Service Control Manager [7000] - The Avira Upgrade Service service failed to start due to the following error: The system cannot find the path specified.
    8/13/2010 4:50:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000AE60CAB1D has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    8/13/2010 1:16:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/12/2010 3:30:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Recycled' on the volume 'HarddiskVolumeRD'. It has stopped monitoring the volume.

    ==== End Of File ===========================
     
  15. 2010/08/21
    crunchie

    You are posting logs from a week ago. Please post logs from current scans.

    mbam-log-2010-08-13
    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Admin at 14:38:11.79 on Fri 08/13/2010

    ============

    It is normal to have multiple instances of svchost.exe.
     
  16. 2010/08/21
    scgoh123

  17. 2010/08/21
    Arie

    Or the date/time on his system is wrong :eek:
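
The two replies above read the same header timestamp two ways: an old log, or a wrong system clock. The following is an added example, not part of the thread and not code from DDS or OTL, that automates that check. The function names, the one-day tolerance and the midnight forum times are assumptions (the page gives dates only); the two header lines are copied from the logs posted in this thread, and the OTL format is included as a generalization.

```python
import re
from datetime import datetime, timedelta

# Run-time header lines as written by the two tools used in this thread.
DDS_HEADER = re.compile(
    r"Run by .+? at (\d{1,2}:\d{2}:\d{2})\.\d+ on \w{3} (\d{2}/\d{2}/\d{4})")
OTL_HEADER = re.compile(
    r"OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")

# Header lines copied from the logs in this thread.
DDS_SAMPLE = ("DDS (Ver_10-03-17.01) - FAT32x86\n"
              "Run by Admin at 14:38:11.79 on Fri 08/13/2010\n")
OTL_SAMPLE = "OTL logfile created on: 8/13/2010 5:07:55 PM - Run 1\n"
# Constructed header, not from the thread: a log that really is a few days old.
OLD_SAMPLE = "Run by Admin at 09:00:00.00 on Mon 08/16/2010\n"


def log_run_time(log_text):
    """Return the local run time the log claims for itself, or None."""
    m = DDS_HEADER.search(log_text)
    if m:
        return datetime.strptime(m.group(2) + " " + m.group(1),
                                 "%m/%d/%Y %H:%M:%S")
    m = OTL_HEADER.search(log_text)
    if m:
        return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return None


def triage(log_text, requested_on, posted_on, tolerance=timedelta(days=1)):
    """Classify a posted log by comparing its own timestamp with forum dates.

    requested_on: when the helper first asked for this tool's log.
    posted_on:    when the log was posted.
    The tolerance absorbs the time-zone gap between the forum server and the
    user's machine, and the fact that only dates (not times) are known.

    Returns (verdict, run_time) where verdict is one of:
      "current"       - run time sits close to the posting date
      "stale"         - run after the request, but well before posting
      "clock-suspect" - run time predates the request for the log, or lies
                        in the future: the log cannot be trusted to be old,
                        the machine's clock is the more likely problem
      "no-timestamp"  - no recognised header line
    """
    run = log_run_time(log_text)
    if run is None:
        return "no-timestamp", None
    if run < requested_on - tolerance or run > posted_on + tolerance:
        return "clock-suspect", run
    if posted_on - run > tolerance:
        return "stale", run
    return "current", run


if __name__ == "__main__":
    cases = [
        # DDS was first discussed on 2010/08/15 and the log posted 2010/08/21.
        ("DDS", DDS_SAMPLE, datetime(2010, 8, 15), datetime(2010, 8, 21)),
        # OTL was requested and posted on 2010/08/21.
        ("OTL", OTL_SAMPLE, datetime(2010, 8, 21), datetime(2010, 8, 21)),
        ("old DDS (constructed)", OLD_SAMPLE,
         datetime(2010, 8, 15), datetime(2010, 8, 21)),
    ]
    for name, text, requested, posted in cases:
        verdict, run = triage(text, requested, posted)
        print(f"{name}: header says {run}, verdict {verdict}")
```

A log stamped earlier than the request that produced it is the case where checking the BIOS clock matters more than asking for a rescan.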
     
  18. 2010/08/21
    crunchie

    If you boot into your BIOS, check the time and date in there. On most PCs you have to continue to tap the Delete key straight after hitting the power-on button for the PC.
    Make sure to save and exit after making any changes.

    ==============

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2010/08/21
    scgoh123

    I've tried that, but still no luck.......:(


    OTL logfile created on: 8/13/2010 5:07:55 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    247.00 Mb Total Physical Memory | 62.00 Mb Available Physical Memory | 25.00% Memory free
    727.00 Mb Paging File | 403.00 Mb Available in Paging File | 55.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.13 Gb Total Space | 2.93 Gb Free Space | 15.33% Space Free | Partition Type: FAT32
    Drive D: | 19.13 Gb Total Space | 8.64 Gb Free Space | 45.18% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1.87 Gb Total Space | 1.23 Gb Free Space | 65.51% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive R: | 15.92 Mb Total Space | 14.88 Mb Free Space | 93.45% Space Free | Partition Type: FAT

    Computer Name: OEM-HRQ0AKECTIJ
    Current User Name: Admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/13 17:06:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2010/07/31 09:18:12 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2010/05/07 05:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/07 05:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/05/06 17:52:16 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/02/10 22:01:50 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2008/12/18 22:10:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/11/10 02:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/14 08:12:20 | 001,432,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2002/01/28 05:48:50 | 000,885,760 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/08/13 17:06:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe -- (AntiVirUpgradeService)
    SRV - [2010/05/07 05:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/05/07 05:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/05/07 05:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
    SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/02/10 22:01:50 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/11/10 02:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - [2010/05/07 05:39:24 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/05/07 05:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/05/07 05:34:28 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/05/07 05:34:00 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/05/07 05:33:48 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/07 05:33:30 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/09/23 15:05:06 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
    DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol)
    DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay)
    DRV - [2009/09/23 15:04:52 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs)
    DRV - [2008/04/14 02:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2003/12/09 10:04:40 | 000,010,368 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\rramdisk.sys -- (RRamdisk)
    DRV - [2002/04/01 09:47:36 | 000,045,312 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2002/02/01 12:02:48 | 000,177,152 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2001/12/26 20:52:58 | 000,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/10 16:36:00 | 000,585,152 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2001/08/10 16:33:00 | 000,078,498 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
    DRV - [2001/08/10 16:33:00 | 000,068,006 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
    DRV - [2001/07/23 18:41:00 | 000,427,167 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
    DRV - [2001/07/23 18:40:00 | 000,534,605 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
    DRV - [2001/07/13 13:52:00 | 000,310,739 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
    DRV - [2001/07/04 17:42:00 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag)
    DRV - [2001/06/15 18:37:00 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
    DRV - [2001/06/15 18:36:00 | 000,216,987 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
    DRV - [2001/06/15 18:35:00 | 000,056,639 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.03.01


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/06 17:54:30 | 000,000,000 | ---D | M]

    [2008/09/29 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2009/04/23 11:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2wph5bmb.Default User\extensions
    [2009/07/02 00:06:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2wph5bmb.Default User\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/06/10 00:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2wph5bmb.Default User\extensions\personas@christopher.beard
    [2009/06/15 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2wph5bmb.Default User\extensions\plugin@yontoo.com
    [2008/09/29 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nh33vuz0.default\extensions
    [2008/12/19 04:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nh33vuz0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2009/04/23 10:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nh33vuz0.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
    [2008/12/04 00:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nh33vuz0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/04/22 07:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nh33vuz0.default\extensions\{69f6e5ea-e975-4d70-a983-1e5c094ded79}
    [2009/04/23 10:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nh33vuz0.default\extensions\personas@christopher.beard

    O1 HOSTS File: ([2001/08/18 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Admin\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
    O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\OALD8\QUICKfind\PlugIns\IEHelp.dll (IDM)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [Cmaudio] File not found
    O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [ViStart] C:\PROGRA~1\VISTART\VISTART.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Admin\Application Data\FlashGetBHO\GetAllUrl.htm ()
    O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Admin\Application Data\FlashGetBHO\GetUrl.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} http://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab (Innotive Cibrowser Control 1.1)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/16 21:04:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/13 17:06:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2010/08/13 11:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
    [2010/08/13 11:38:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/13 11:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/13 11:38:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/13 11:38:15 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
    [2010/08/12 03:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\PaintTool SAI English Pack
    [2010/05/19 05:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIRepair
    [2010/05/19 04:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ViStart
    [2010/05/19 04:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ViSplore
    [2010/05/19 04:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ViGlance
    [2010/05/19 04:37:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VITrans
    [2010/05/19 04:37:06 | 000,000,000 | ---D | C] -- C:\VTPFiles
    [2010/05/19 04:37:05 | 000,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
    [2010/05/19 04:37:05 | 000,019,968 | ---- | C] (Dead Knight) -- C:\WINDOWS\System32\reico.exe
    [2010/05/19 04:33:47 | 000,020,480 | ---- | C] (Windows X) -- C:\WINDOWS\System32\scrnrdr.exe
    [2010/05/18 01:03:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data\SecuROM
    [2010/05/17 22:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
    [2010/05/17 22:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
    [2010/05/17 22:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
    [2010/05/17 22:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/05/17 22:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/05/17 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/05/17 22:40:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
    [2010/05/17 22:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/05/16 11:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Winrar
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/13 17:12:30 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0C04208A-E418-4CAA-BEA6-03AA7A6DE064}.job
    [2010/08/13 17:06:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2010/08/13 16:47:50 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/13 13:17:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/13 13:17:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    [2010/08/13 13:17:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/13 13:16:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/13 13:16:38 | 259,575,808 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/13 13:15:16 | 006,828,032 | ---- | M] () -- C:\Documents and Settings\Admin\ntuser.dat
    [2010/08/13 13:15:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
    [2010/08/13 13:15:00 | 002,823,554 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
    [2010/08/13 08:02:24 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/13 06:23:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/13 05:56:08 | 000,515,540 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/13 05:56:08 | 000,451,420 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/13 05:56:08 | 000,074,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/12 20:53:04 | 000,000,043 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/12 15:05:26 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/08/12 04:13:22 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1733290971-2304659736-1445258045-1005Core1cac607a42666b2.job
    [2010/08/12 04:12:10 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\PaintTool SAI.lnk
    [2010/08/12 03:45:52 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/08/12 03:45:48 | 000,002,194 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
    [2010/08/11 22:44:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/19 04:51:04 | 000,095,848 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/19 04:37:32 | 000,078,942 | ---- | M] () -- C:\WINDOWS\Icon_1.ico
    [2010/05/18 13:21:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    [2010/05/17 22:32:32 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cc_20100517_223229.reg
    [2010/05/16 08:12:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/16 03:33:00 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/13 05:24:03 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/12 03:32:16 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\PaintTool SAI.lnk
    [2010/05/19 04:37:31 | 000,078,942 | ---- | C] () -- C:\WINDOWS\Icon_1.ico
    [2010/05/19 04:37:05 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe
    [2010/05/19 04:37:05 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
    [2010/05/19 04:37:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
    [2010/05/17 22:32:31 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cc_20100517_223229.reg
    [2010/05/17 19:54:31 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    [2010/05/09 18:46:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
    [2009/07/09 05:06:02 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2009/04/26 07:14:13 | 000,233,552 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
    [2009/04/18 14:15:29 | 000,001,888 | ---- | C] () -- C:\WINDOWS\Ca533a.ini
    [2008/12/31 17:04:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/10/01 00:02:53 | 000,000,354 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/09/28 03:59:42 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/09/16 21:38:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/09/16 21:24:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/09/16 21:13:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/09/16 21:09:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2008/09/16 21:00:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2007/01/23 21:11:20 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
    [2006/05/26 06:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/04/03 05:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2002/11/16 15:37:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ahook.dll
    [2002/01/24 02:29:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
    [1980/01/01 00:00:00 | 000,007,819 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2008/10/23 01:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/06 09:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2008/11/17 15:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4B7788ED-BF55-41B7-98E0-92442036B28E}
    [2008/11/25 20:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2008/12/01 07:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2008/12/22 01:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}
    [2009/06/28 22:49:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/06/28 22:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2009/06/28 22:56:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
    [2009/06/29 01:20:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2009/06/30 06:55:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2009/06/30 07:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
    [2009/07/13 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
    [2009/07/15 15:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
    [2009/07/16 16:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
    [2010/03/17 13:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/07 15:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
    [2010/05/08 20:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/05/08 20:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2010/05/15 11:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
    [2008/09/16 21:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\InterTrust
    [2008/11/06 09:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PlayFirst
    [2008/11/21 17:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DNA
    [2008/11/21 22:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Wildfire
    [2008/11/27 11:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\fltk.org
    [2008/12/01 07:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GameHouse
    [2009/05/01 20:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Orbit
    [2009/05/01 20:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GrabPro
    [2009/05/05 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uTorrent
    [2009/05/24 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GoodSync
    [2009/06/28 22:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canon Easy-WebPrint EX
    [2009/06/28 23:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitTorrent
    [2009/06/30 06:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canon
    [2009/07/04 01:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
    [2009/07/15 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TP
    [2009/07/15 08:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SoftGrid Client
    [2009/07/16 14:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NVD
    [2010/05/07 15:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SYSTEMAX Software Development
    [2010/05/09 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FlashGetBHO
    [2010/05/09 18:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BITS
    [2010/05/09 18:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FlashGet
    [2010/05/15 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Artweaver
    [2010/05/19 04:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ViGlance
    [2010/05/19 04:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ViSplore
    [2010/05/19 04:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ViStart
    [2010/08/13 17:12:30 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0C04208A-E418-4CAA-BEA6-03AA7A6DE064}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/12/21 04:49:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/12/21 04:49:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/12/21 04:49:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/12/21 04:49:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2008/09/16 20:55:58 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [2008/09/16 20:55:58 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/09/16 20:55:58 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

    ========== Files - Unicode (All) ==========
    [2010/08/13 12:34:50 | 000,064,228 | ---- | M] ()(C:\Documents and Settings\Admin\My Documents\?????????????.docx) -- C:\Documents and Settings\Admin\My Documents\皇朝故宫位于圣保罗教堂山下.docx
    [2010/08/13 12:34:27 | 000,064,228 | ---- | C] ()(C:\Documents and Settings\Admin\My Documents\?????????????.docx) -- C:\Documents and Settings\Admin\My Documents\皇朝故宫位于圣保罗教堂山下.docx
    < End of report >
     
  20. 2010/08/21
    scgoh123 Well-Known Member Thread Starter

    OTL Extras logfile created on: 8/13/2010 5:07:55 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    247.00 Mb Total Physical Memory | 62.00 Mb Available Physical Memory | 25.00% Memory free
    727.00 Mb Paging File | 403.00 Mb Available in Paging File | 55.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.13 Gb Total Space | 2.93 Gb Free Space | 15.33% Space Free | Partition Type: FAT32
    Drive D: | 19.13 Gb Total Space | 8.64 Gb Free Space | 45.18% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1.87 Gb Total Space | 1.23 Gb Free Space | 65.51% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive R: | 15.92 Mb Total Space | 14.88 Mb Free Space | 93.45% Space Free | Partition Type: FAT

    Computer Name: OEM-HRQ0AKECTIJ
    Current User Name: Admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "D:\warcraft III\Warcraft III.exe" = D:\warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
    "C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- File not found
    "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\groove.exe" = C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "´Ã³¸»ÃŽÃŒ(Rich) V4" = ´Ã³¸»ÃŽÃŒ(Rich) V4
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Aspire" = Aspire Screen Saver
    "avast5" = avast! Free Antivirus
    "BitTorrent" = BitTorrent
    "Bookworm" = Bookworm (remove only)
    "BookWorm Deluxe 1.03" = BookWorm Deluxe 1.03
    "Bookworm Deluxe 1.13" = Bookworm Deluxe 1.13
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D89144F" = Askey HSFi V.90(V.92) 56K PCI Modem
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FlashGet 3.5" = FlashGet 3.5
    "HyperCam 2" = HyperCam 2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Lexmark Skin: Helix" = Lexmark Skin: Helix
    "Lexmark Supplies Monitor" = Lexmark Supplies Monitor
    "Lexmark Z25-Z35" = Lexmark Z25-Z35
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
    "ÓÎ÷Öùú°Ã™±¦Ãä1.07" = ÓÎ÷Öùú°Ã™±¦Ãä
    "QUICKfind" = QUICKfind server v1.1
    "Ragnarok Sakray" = Ragnarok Sakray
    "RaidenII" = RaidenII (Remove only, requires CD)
    "RealPlayer 12.0" = RealPlayer
    "Science Form 2 MyCD Volume 1" = Science Form 2 MyCD Volume 1
    "V3750 Digital Camera Driver" = V3750 Digital Camera Driver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA
    "Google Chrome" = Google Chrome
    "PvP-RO Client" = PvP-RO Client
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/12/2010 4:22:18 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6535.5000, stamp 4bbf7396,
    faulting module wwlib.dll, version 12.0.6535.5002, stamp 4bd2a85a, debug? 0, fault
    address 0x002bc6dd.

    Error - 8/12/2010 4:22:54 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Microsoft Office 12 | ID = 2000
    Description = Accepted Safe Mode action : Microsoft Office Word.

    Error - 8/12/2010 4:23:30 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6535.5000, stamp 4bbf7396,
    faulting module wwlib.dll, version 12.0.6535.5002, stamp 4bd2a85a, debug? 0, fault
    address 0x002bc6dd.

    Error - 8/12/2010 4:50:43 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = MsiInstaller | ID = 11704
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An
    installation for Microsoft Office Enterprise 2007 is currently suspended. You
    must undo the changes made by that installation to continue. Do you want to undo
    those changes?

    Error - 8/12/2010 4:55:50 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is incorrectly
    formatted.
    The bogus string is 7230, the bogus index value is the first DWORD in Data section
    while the last valid index values are the second and third DWORD in Data section.

    Error - 8/12/2010 4:55:50 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
    (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

    Error - 8/12/2010 4:56:02 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is incorrectly
    formatted.
    The bogus string is 7230, the bogus index value is the first DWORD in Data section
    while the last valid index values are the second and third DWORD in Data section.

    Error - 8/12/2010 4:56:02 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service aspnet_state
    (ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

    Error - 8/12/2010 4:56:05 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is incorrectly
    formatted.
    The bogus string is 7230, the bogus index value is the first DWORD in Data section
    while the last valid index values are the second and third DWORD in Data section.

    Error - 8/12/2010 5:01:26 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
    . Error code = 0x800706be

    [ OSession Events ]
    Error - 8/12/2010 4:19:48 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7064
    seconds with 5280 seconds of active time. This session ended with a crash.

    Error - 8/12/2010 4:22:11 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/12/2010 4:23:26 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/12/2010 4:14:38 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000010'
    while processing the file 'MSI66db8.tmp' on the volume 'HarddiskVolumeRD'. It
    has stopped monitoring the volume.

    Error - 8/12/2010 4:46:06 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Service Control Manager | ID = 7034
    Description = The Windows Installer service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/12/2010 4:46:15 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070641: Security Update for Microsoft Office InfoPath 2007 (KB979441).

    Error - 8/12/2010 5:01:57 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Service Control Manager | ID = 7031
    Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 60000 milliseconds: Restart the service.

    Error - 8/12/2010 7:02:39 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 000AE60CAB1D has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 8/12/2010 7:06:16 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Service Control Manager | ID = 7000
    Description = The Avira Upgrade Service service failed to start due to the following
    error: %%3

    Error - 8/12/2010 9:27:46 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 000AE60CAB1D has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 8/12/2010 9:29:45 PM | Computer Name = OEM-HRQ0AKECTIJ | Source = Service Control Manager | ID = 7000
    Description = The Avira Upgrade Service service failed to start due to the following
    error: %%3

    Error - 8/13/2010 12:16:56 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 8/13/2010 12:18:57 AM | Computer Name = OEM-HRQ0AKECTIJ | Source = Service Control Manager | ID = 7000
    Description = The Avira Upgrade Service service failed to start due to the following
    error: %%3


    < End of report >
     
  21. 2010/08/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    That tells me nothing. What gives you no luck? You cannot get into the BIOS? You cannot change the setting in the BIOS?
    Please explain a little further.

    ===============

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
      SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
      SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe -- (AntiVirUpgradeService)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [Cmaudio] File not found
      O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found
      O4 - HKCU..\Run: [ViStart] C:\PROGRA~1\VISTART\VISTART.exe File not found
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
