Solved Malware issue (Browser redirect and no go Auto Updates/MS Update

Discussion in 'Malware and Virus Removal Archive' started by cozynruffs, 2011/05/23.

  1. 2011/05/26
    cozynruffs

    cozynruffs Inactive Thread Starter

    Joined:
    2011/05/23
    Messages:
    45
    Likes Received:
    0
    Yeppp it does look highly suspicious :c)

    Nahhh but it's aok - I don't need it nowadays so good it's gone
     
  2. 2011/05/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2011/05/28
    cozynruffs

    cozynruffs Inactive Thread Starter

    Joined:
    2011/05/23
    Messages:
    45
    Likes Received:
    0
    Thanks :c)

    Have had great twuble opening IE or firefox today.

    Bubble to update windows is popping up! wooohooo ... however updates are blocked ... pc tries to install but all updates fail. Auto updates is still greyed out so can't select.

    AV updated :c) has given some volume warnings .. they go too fast for me to jot down what they say tho.

    will run scan and post in next message :c)
     
  5. 2011/05/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok.....
     
  6. 2011/05/29
    cozynruffs

    cozynruffs Inactive Thread Starter

    Joined:
    2011/05/23
    Messages:
    45
    Likes Received:
    0
    OTL Extras logfile created on: 28/05/2011 11:23:23 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Michael and Arlene\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    702.98 Mb Total Physical Memory | 486.76 Mb Available Physical Memory | 69.24% Memory free
    976.95 Mb Paging File | 626.18 Mb Available in Paging File | 64.10% Paging File free
    Paging file location(s): C:\pagefile.sys 288 576 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 6.51 Gb Free Space | 17.46% Space Free | Partition Type: NTFS

    Computer Name: LEENIEHP | User Name: Michael and Arlene | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-436374069-842925246-839522115-1004\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 0
    "AntiVirusOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
    "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
    "C:\Documents and Settings\Michael and Arlene\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Michael and Arlene\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{11E422E7-7620-459F-BB6C-082A80907ED1}" = Home Business Manager
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1978BDCF-E266-480F-9D91-B2971C464C30}" = SolidCapture
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
    "{43535539-97D4-4992-B0FA-DF31FD72915F}" = SmartRoster
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
    "{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "All ATI Software" = ATI - Software Uninstall Utility
    "Any Video Converter Professional_is1" = Any Video Converter Professional 3.2.1
    "ATI Display Driver" = ATI Display Driver
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
    "CCleaner" = CCleaner
    "CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
    "Defraggler" = Defraggler
    "drmtool.inf" = Personal License Update Wizard for Windows Media Player
    "e-tax 2008" = e-tax 2008
    "Excel Invoice Manager_is1" = Excel Invoice Manager 2.9.1013
    "GiftAuto" = GiftAuto 5.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
    "iSkysoft FLV Converter_is1" = iSkysoft FLV Converter(Build 2.3.3.1)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus!" = Messenger Plus! 5
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mmmusic" = Movie Maker Background Music Files
    "mmsounds" = Movie Maker Sound Effects
    "mmtitle" = Movie Maker Title Images
    "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
    "mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
    "mpxptray.inf" = Windows Media Player Tray Control
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Pamela" = Pamela Pro 4.6
    "PDF Editor 2" = PDF Editor 2
    "RealPlayer 12.0" = RealPlayer
    "Recuva" = Recuva
    "Replay Video Capture3.1B" = Replay Video Capture
    "SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
    "Speccy" = Speccy
    "VuePrint" = VuePrint
    "wa2wmp" = Windows Media Player Skin Importer
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.0
    "WinRAR archiver" = WinRAR archiver
    "WinX Free VOB to MP4 Converter_is1" = WinX Free VOB to MP4 Converter 2.0.7
    "WM Recorder 12.3" = WM Recorder 12.3
    "WMBK2" = Windows Media Bonus Pack for Windows XP
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-436374069-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AI RoboForm" = AI RoboForm
    "b996e812c4b1deb0" = ROUTE 66 Sync
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 30/01/2010 5:55:59 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:55:59 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:56:07 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:56:13 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:57:28 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:57:29 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:57:30 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:57:45 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:57:49 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    Error - 30/01/2010 5:57:55 AM | Computer Name = LEENIE | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 26/05/2011 11:52:02 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Office 2003 (KB2288613): USP10' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:52:31 AM | Computer Name = LEENIEHP | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2446704,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 26/05/2011 11:52:54 AM | Computer Name = LEENIEHP | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 26/05/2011 11:53:10 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 11311
    Description = Product: Microsoft Office Access 2003 Runtime -- Error 1311. Source
    file not found(cabinet): C:\WINDOWS\Installer\ACCESSRT.CAB. Verify that the file
    exists and that you can access it.

    Error - 26/05/2011 11:53:10 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Office 2003 (KB2509503): MSO' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:53:59 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 11311
    Description = Product: Microsoft Office Access 2003 Runtime -- Error 1311. Source
    file not found(cabinet): C:\WINDOWS\Installer\ACCESSRT.CAB. Verify that the file
    exists and that you can access it.

    Error - 26/05/2011 11:53:59 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Access 2003 (KB981716): ACCWIZ' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:53:59 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Access 2003 (KB981716): MSACCESS' could not be installed. Error code 1603.
    Windows Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:54:11 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 11311
    Description = Product: Microsoft Office Access 2003 Runtime -- Error 1311. Source
    file not found(cabinet): C:\WINDOWS\Installer\ACCESSRT.CAB. Verify that the file
    exists and that you can access it.

    Error - 26/05/2011 11:54:11 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Office 2003 (KB976382): VBE6' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    [ Application Events ]
    Error - 26/05/2011 11:52:02 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Office 2003 (KB2288613): USP10' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:52:31 AM | Computer Name = LEENIEHP | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2446704,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 26/05/2011 11:52:54 AM | Computer Name = LEENIEHP | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 26/05/2011 11:53:10 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 11311
    Description = Product: Microsoft Office Access 2003 Runtime -- Error 1311. Source
    file not found(cabinet): C:\WINDOWS\Installer\ACCESSRT.CAB. Verify that the file
    exists and that you can access it.

    Error - 26/05/2011 11:53:10 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Office 2003 (KB2509503): MSO' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:53:59 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 11311
    Description = Product: Microsoft Office Access 2003 Runtime -- Error 1311. Source
    file not found(cabinet): C:\WINDOWS\Installer\ACCESSRT.CAB. Verify that the file
    exists and that you can access it.

    Error - 26/05/2011 11:53:59 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Access 2003 (KB981716): ACCWIZ' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:53:59 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Access 2003 (KB981716): MSACCESS' could not be installed. Error code 1603.
    Windows Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 26/05/2011 11:54:11 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 11311
    Description = Product: Microsoft Office Access 2003 Runtime -- Error 1311. Source
    file not found(cabinet): C:\WINDOWS\Installer\ACCESSRT.CAB. Verify that the file
    exists and that you can access it.

    Error - 26/05/2011 11:54:11 AM | Computer Name = LEENIEHP | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Access 2003 Runtime - Update 'Security Update
    for Office 2003 (KB976382): VBE6' could not be installed. Error code 1603. Windows
    Installer can create logs to help troubleshoot issues with installing software
    packages. Use the following link for instructions on turning on logging support:
    http://go.microsoft.com/fwlink/?LinkId=23127

    [ System Events ]
    Error - 28/05/2011 6:43:02 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7000
    Description = The adfs service failed to start due to the following error: %%2

    Error - 28/05/2011 6:44:57 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7022
    Description = The Avira AntiVir Guard service hung on starting.

    Error - 28/05/2011 6:46:08 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7017
    Description = Detected circular dependencies demand starting Fast User Switching
    Compatibility.

    Error - 28/05/2011 6:46:46 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 28/05/2011 6:46:46 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 28/05/2011 6:47:22 AM | Computer Name = LEENIEHP | Source = Print | ID = 23
    Description = Printer hp psc 2500 series failed to initialize because a suitable
    hp psc 2500 series driver could not be found.

    Error - 28/05/2011 6:47:22 AM | Computer Name = LEENIEHP | Source = Print | ID = 23
    Description = Printer hp psc 2500 series fax failed to initialize because a suitable
    hp psc 2500 series fax driver could not be found.

    Error - 28/05/2011 6:48:56 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 28/05/2011 6:49:04 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 28/05/2011 9:20:44 AM | Computer Name = LEENIEHP | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.


    < End of report >
     
  7. 2011/05/29
    cozynruffs Inactive Thread Starter

    OTL in 2 posts .......



    OTL logfile created on: 28/05/2011 11:23:23 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Michael and Arlene\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    702.98 Mb Total Physical Memory | 486.76 Mb Available Physical Memory | 69.24% Memory free
    976.95 Mb Paging File | 626.18 Mb Available in Paging File | 64.10% Paging File free
    Paging file location(s): C:\pagefile.sys 288 576 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 6.51 Gb Free Space | 17.46% Space Free | Partition Type: NTFS

    Computer Name: LEENIEHP | User Name: Michael and Arlene | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/28 23:17:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael and Arlene\desktop\OTL.exe
    PRC - [2011/04/28 21:41:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/19 11:54:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/11/07 18:17:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/28 23:17:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael and Arlene\desktop\OTL.exe
    MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/28 21:41:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/19 11:54:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/10/20 10:22:24 | 000,630,272 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/06/25 18:47:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/01/26 03:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/19 11:54:29 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/11/23 20:10:43 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/03/09 22:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/03/09 22:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/03/09 22:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/03/09 22:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/03/09 22:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/03/09 22:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/09 21:38:42 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2007/08/24 19:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/07/03 18:03:26 | 000,012,416 | ---- | M] (Skyhook Wireless) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
    DRV - [2007/02/06 15:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
    DRV - [2007/01/26 03:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/03/04 15:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/02/21 23:54:10 | 000,265,984 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG511v2XP.sys -- (W8335XP) NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335)
    DRV - [2004/05/15 21:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/04/14 17:52:22 | 000,005,632 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
    DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2003/10/24 01:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2003/10/08 13:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/10/07 11:42:40 | 000,067,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
    DRV - [2003/08/09 01:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
    DRV - [2003/07/22 18:50:00 | 000,018,088 | ---- | M] (HaSoInTech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDVC05.sys -- (SDVC05)
    DRV - [2003/04/24 01:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
    DRV - [2003/02/19 01:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
    DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-436374069-842925246-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
    IE - HKU\S-1-5-21-436374069-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 60283
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/07 21:07:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/12/08 00:30:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0403B072-B5B9-4A7F-AB53-13D9C2EA9DDD}: C:\Documents and Settings\Michael and Arlene\Local Settings\Application Data\{0403B072-B5B9-4A7F-AB53-13D9C2EA9DDD}\
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/21 01:28:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/21 01:28:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/07 21:07:44 | 000,000,000 | ---D | M]

    [2010/08/30 22:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael and Arlene\Application Data\Mozilla\Extensions
    [2011/05/16 22:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael and Arlene\Application Data\Mozilla\Firefox\Profiles\ekrq2nw8.default\extensions
    [2011/02/05 11:49:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael and Arlene\Application Data\Mozilla\Firefox\Profiles\ekrq2nw8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/15 00:42:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Michael and Arlene\Application Data\Mozilla\Firefox\Profiles\ekrq2nw8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/01/03 18:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/01/03 17:43:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/05/16 22:51:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/16 22:52:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/05/16 22:52:11 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2011/05/16 22:52:11 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/05/16 22:52:11 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/05/16 22:52:11 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/05/26 22:58:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
    O3 - HKU\S-1-5-21-436374069-842925246-839522115-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-436374069-842925246-839522115-1004\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
    O3 - HKU\S-1-5-21-436374069-842925246-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-436374069-842925246-839522115-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKU\S-1-5-21-436374069-842925246-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-436374069-842925246-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-436374069-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-436374069-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-436374069-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL (justDo Software)
    O9 - Extra 'Tools' menuitem : Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL (justDo Software)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/16 17:41:04 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-436374069-842925246-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: msvideo9 - C:\WINDOWS\System32\SDVC03.drv ()
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/28 23:17:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael and Arlene\Desktop\OTL.exe
    [2011/05/27 17:23:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/27 17:23:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael and Arlene\Recent
    [2011/05/26 22:33:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/26 01:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GiftAuto
    [2011/05/26 00:27:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/24 23:34:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael and Arlene\PrivacIE
    [2011/05/24 23:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael and Arlene\Desktop\tdsskiller
    [2011/05/24 22:44:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael and Arlene\IECompatCache
    [2011/05/24 17:21:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael and Arlene\IETldCache
    [2011/05/24 17:20:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2011/05/24 02:14:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/05/22 18:14:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2011/05/22 01:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael and Arlene\Local Settings\Application Data\PackageAware
    [2011/05/21 23:04:53 | 004,294,027 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael and Arlene\Desktop\ComboFix.exe
    [2011/05/21 05:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/05/21 04:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/05/21 04:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/05/21 02:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael and Arlene\Start Menu\Programs\HiJackThis
    [2011/05/21 02:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/05/21 02:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/05/21 02:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/05/21 02:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael and Arlene\Local Settings\Application Data\Google
    [2011/05/21 01:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/05/21 01:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael and Arlene\My Documents\Any Video Converter Professional
    [2011/05/21 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
    [2011/05/21 01:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video Converter Professional
    [2011/05/20 23:21:45 | 000,000,000 | ---D | C] -- C:\OutputFolder
    [2011/05/20 23:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
    [2011/05/09 23:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2009/01/16 16:08:55 | 003,989,706 | ---- | C] (Supremtec ) -- C:\Program Files\Common Files\keysetup.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/05/28 23:17:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael and Arlene\Desktop\OTL.exe
    [2011/05/28 23:14:41 | 000,000,374 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
    [2011/05/28 20:44:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/05/28 00:34:06 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Server Documents.lnk
    [2011/05/28 00:14:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/26 22:58:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/26 22:34:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/05/26 22:21:32 | 004,294,027 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael and Arlene\Desktop\ComboFix.exe
    [2011/05/26 00:03:01 | 000,000,327 | ---- | M] () -- C:\Boot.bak
    [2011/05/24 20:36:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/23 21:58:03 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2011/05/22 19:30:43 | 000,467,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/22 19:30:43 | 000,082,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/21 23:54:55 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\syndi.url
    [2011/05/21 23:48:22 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\nancy.url
    [2011/05/21 23:08:31 | 000,000,303 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Windows BBS - Announcements in Forum Malware and Virus Removal.url
    [2011/05/21 06:02:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/05/21 01:54:49 | 000,013,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6gm836v34th12
    [2011/05/20 22:54:20 | 000,000,263 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2011/05/17 01:05:51 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\pillani.url
    [2011/05/16 23:55:25 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Plus Size Clothing at Woman Within®.url
    [2011/05/16 23:55:16 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Plus Size Clothing - Fashion for Plus Size women at Roaman's.url
    [2011/05/16 14:25:22 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\G2715.url
    [2011/05/15 17:16:54 | 002,281,150 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\Healthy_Breaky_Australia_Nov_2010.pdf
    [2011/05/15 17:11:51 | 000,054,808 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\25% customer order form - with programme description.pdf
    [2011/05/14 22:18:22 | 000,581,500 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Desktop\22a011.5 Poster BW.pdf
    [2011/05/13 09:30:00 | 001,216,969 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\89192969000138_424087663_01-05-2011.pdf
    [2011/05/12 23:33:42 | 000,815,504 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\0554096748.pdf
    [2011/05/12 15:02:40 | 000,082,784 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\FEDEX=CUT3181US-02-03.pdf
    [2011/05/12 14:56:27 | 001,092,982 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\FEDEX=100819_SKU3106_usen_label.pdf
    [2011/05/09 00:07:54 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/29 18:27:34 | 000,231,738 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer1a.pdf
    [2011/04/29 18:27:01 | 000,189,873 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer2a.pdf
    [2011/04/29 18:26:21 | 000,233,861 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer3a.pdf
    [2011/04/29 18:25:42 | 000,473,746 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer4a.pdf
    [2011/04/29 18:25:05 | 000,233,358 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer5a.pdf
    [2011/04/29 18:11:09 | 000,170,536 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\My Documents\UK_Healthy_Breakfast_1a.pdf

    ========== Files Created - No Company Name ==========

    [2011/05/27 17:52:15 | 001,329,232 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\hlform.jpg
    [2011/05/23 15:54:38 | 000,000,327 | ---- | C] () -- C:\Boot.bak
    [2011/05/21 23:08:15 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Windows BBS - Announcements in Forum Malware and Virus Removal.url
    [2011/05/21 22:50:00 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2011/05/21 02:16:11 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/05/21 01:34:50 | 000,013,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6gm836v34th12
    [2011/05/21 00:59:42 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\nancy.url
    [2011/05/21 00:59:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\syndi.url
    [2011/05/21 00:59:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\pillani.url
    [2011/05/21 00:59:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\G2715.url
    [2011/05/16 23:55:23 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Plus Size Clothing at Woman Within®.url
    [2011/05/16 23:55:13 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\Plus Size Clothing - Fashion for Plus Size women at Roaman's.url
    [2011/05/16 22:52:51 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/15 17:24:00 | 003,296,271 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\Who Needs Our Products-Healthy Breakfast HOM.pdf
    [2011/05/15 17:19:09 | 000,260,215 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\Healthy Breakfast and Wellness Presentation SCRIPT.pdf
    [2011/05/15 17:16:54 | 002,281,150 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\Healthy_Breaky_Australia_Nov_2010.pdf
    [2011/05/15 17:11:51 | 000,054,808 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\25% customer order form - with programme description.pdf
    [2011/05/14 22:18:22 | 000,581,500 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Desktop\22a011.5 Poster BW.pdf
    [2011/05/13 09:30:00 | 001,216,969 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\89192969000138_424087663_01-05-2011.pdf
    [2011/05/12 23:33:37 | 000,815,504 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\0554096748.pdf
    [2011/05/12 15:02:40 | 000,082,784 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\FEDEX=CUT3181US-02-03.pdf
    [2011/05/12 14:56:27 | 001,092,982 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\FEDEX=100819_SKU3106_usen_label.pdf
    [2011/04/29 18:27:34 | 000,231,738 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer1a.pdf
    [2011/04/29 18:27:01 | 000,189,873 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer2a.pdf
    [2011/04/29 18:26:21 | 000,233,861 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer3a.pdf
    [2011/04/29 18:25:42 | 000,473,746 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer4a.pdf
    [2011/04/29 18:25:05 | 000,233,358 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\SF_BfastFlyer5a.pdf
    [2011/04/29 18:09:33 | 000,170,536 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\My Documents\UK_Healthy_Breakfast_1a.pdf
    [2011/04/27 19:48:26 | 000,155,512 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/02/12 18:27:03 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/01/03 15:10:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/03 15:10:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/03 15:10:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/03 15:10:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/03 15:10:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/02 12:11:55 | 000,014,390 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Application Data\BE6E.B2B
    [2010/07/21 19:53:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msninlernm.dll
    [2010/05/02 00:40:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/04/16 21:19:53 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
    [2010/03/09 23:24:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2009/12/22 11:00:44 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
    [2009/12/02 19:46:21 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
    [2009/11/15 11:11:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/11/15 11:11:37 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2009/10/10 23:03:45 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msphcwordm.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/06/17 02:45:47 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
    [2009/06/16 15:54:47 | 000,000,263 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/06/04 09:28:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/05/06 20:21:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/05/06 00:57:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
    [2009/05/02 23:00:09 | 000,004,210 | ---- | C] () -- C:\WINDOWS\aopr.ini
    [2009/04/15 13:53:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
    [2009/03/19 22:53:52 | 000,000,374 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
    [2009/02/19 21:32:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/01/13 22:24:02 | 000,009,846 | ---- | C] () -- C:\WINDOWS\System32\mswhncorem.dll
    [2008/12/31 16:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2008/11/27 10:47:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2008/07/09 22:07:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
    [2008/07/09 21:36:16 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/07/07 23:44:17 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/04/21 00:02:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\msqctp.ini
    [2008/02/24 15:57:38 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
    [2007/10/24 23:06:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/10/22 15:25:18 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Local Settings\Application Data\fusioncache.dat
    [2007/09/02 18:19:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.DAT
    [2007/08/18 22:20:34 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SDVC03.drv
    [2007/08/07 15:51:22 | 000,011,179 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Application Data\Comma Separated Values (Windows).CAL
    [2007/06/17 13:19:26 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/06/17 02:58:06 | 002,535,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/06/16 19:48:24 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2007/06/16 19:04:53 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Application Data\PFP110JPR.{PB
    [2007/06/16 19:04:53 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Application Data\PFP110JCM.{PB
    [2007/06/16 19:04:51 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6E82C155BB.sys
    [2007/06/16 19:01:40 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2007/06/16 17:27:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2007/06/16 17:11:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/01/26 03:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2004/12/28 00:16:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
    [2004/08/16 22:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 22:00:00 | 000,467,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 22:00:00 | 000,082,450 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/03/26 08:53:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/03/26 08:53:04 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2004/03/16 08:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
    [2003/08/21 11:08:18 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
    [2003/02/20 01:00:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/05/29 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/29 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/12/27 05:38:04 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
    [1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/11/14 00:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MICHAEL
    [2010/05/28 18:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/08/31 01:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\clp
    [2010/06/09 09:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
    [2010/12/07 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/01/20 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2007/06/16 17:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2008/02/10 17:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/12/07 21:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2007/06/25 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office-Kit.com
    [2010/11/13 22:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/05/24 22:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2007/07/02 01:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
    [2011/05/26 22:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/17 02:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/09/24 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2007/09/08 23:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Aim
    [2011/05/21 01:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\AnvSoft
    [2010/07/25 18:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\CamfrogWEB
    [2009/01/05 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Canon
    [2011/04/02 22:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Dropbox
    [2010/06/14 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Facebook
    [2010/11/17 21:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\IBP
    [2011/03/11 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Leadertech
    [2010/12/07 21:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Nokia
    [2010/12/07 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Nokia Ovi Suite
    [2007/06/25 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Office-Kit.com
    [2008/11/08 01:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Pamela
    [2009/12/07 22:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\PC Suite
    [2007/07/15 21:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\ROUTE 66 Sync
    [2010/03/01 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\SolidDocuments
    [2010/11/08 21:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\Thinstall
    [2010/07/05 22:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael and Arlene\Application Data\URSoft
    [2011/05/28 20:44:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/06/16 17:41:04 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/05/26 00:03:01 | 000,000,327 | ---- | M] () -- C:\Boot.bak
    [2011/05/26 22:34:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/26 23:10:32 | 000,016,182 | ---- | M] () -- C:\ComboFix.txt
    [2007/06/16 17:15:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/06/28 22:05:06 | 000,014,756 | ---- | M] () -- C:\DeviceLink.log
    [2010/11/14 22:00:44 | 000,038,867 | ---- | M] () -- C:\fraglist.luar
    [2010/11/14 22:00:44 | 000,026,820 | ---- | M] () -- C:\fraglist.txt
    [2007/06/16 17:15:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/06/09 20:46:10 | 008,136,504 | ---- | M] () -- C:\log_fs.log
    [2007/06/16 17:15:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/09 19:36:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2007/10/30 14:09:01 | 000,011,520 | ---- | M] () -- C:\outsound.bin
    [2011/05/28 22:21:18 | 327,155,712 | -HS- | M] () -- C:\pagefile.sys
    [2009/01/30 14:42:49 | 000,006,136 | ---- | M] () -- C:\resetlog.txt
    [2009/03/11 13:29:09 | 000,023,423 | ---- | M] () -- C:\split.log
    [2007/06/16 18:50:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/06/16 18:50:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/04/12 01:53:49 | 000,000,014 | ---- | M] () -- C:\statistics.xml
    [2011/05/23 21:58:03 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
     
  8. 2011/05/29
    cozynruffs

    cozynruffs Inactive Thread Starter

    Joined:
    2011/05/23
    Messages:
    45
    Likes Received:
    0
    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/06/16 17:14:45 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 20:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2005/09/08 10:23:00 | 000,051,834 | ---- | M] () -- C:\WINDOWS\vuepro32.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/05/10 22:54:34 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Michael and Arlene\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/06/17 02:57:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/06/17 02:57:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/06/17 02:57:09 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/05/09 19:47:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2010/01/12 19:40:48 | 005,136,083 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\portable_uruninstaller_2010.exe

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/05/09 21:12:09 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Michael and Arlene\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/26 22:21:32 | 004,294,027 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael and Arlene\desktop\ComboFix.exe
    [2011/05/28 23:17:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael and Arlene\desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/01/16 16:09:03 | 003,989,706 | ---- | M] (Supremtec ) -- C:\Program Files\Common Files\keysetup.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/05/09 21:12:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\Desktop.ini
    [2007/04/20 10:54:45 | 000,010,141 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\easy_setup_tool_check.htm
    [2005/06/16 13:35:15 | 000,006,914 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\getattch.htm
    [1999/06/05 13:57:52 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\My Documents.lnk
    [2007/01/08 22:55:35 | 000,004,582 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\Pocket Tanks Deluxe.htm
    [2002/11/27 09:58:58 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\time to tell.doc
    [2008/07/07 17:32:34 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Michael and Arlene\Favorites\Ó°Ã’ô·Ã§±©¹Ã™·½Ã•¾.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/05/22 19:22:02 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Michael and Arlene\Cookies\desktop.ini
    [2011/05/28 23:21:41 | 000,049,152 | -H-- | M] () -- C:\Documents and Settings\Michael and Arlene\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "AUOptions" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 281 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E3D650
    @Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C

    < End of report >
     
  9. 2011/05/29
    broni

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      DRV - [2010/03/09 22:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2010/03/09 22:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
      DRV - [2010/03/09 22:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
      DRV - [2010/03/09 22:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
      DRV - [2010/03/09 22:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV - [2010/03/09 22:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - prefs.js..network.proxy.http_port: 60283
      FF - prefs.js..network.proxy.type: 4
      O37 - HKU\S-1-5-21-436374069-842925246-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
      [2011/05/21 01:54:49 | 000,013,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6gm836v34th12
      [2011/01/02 12:11:55 | 000,014,390 | ---- | C] () -- C:\Documents and Settings\Michael and Arlene\Application Data\BE6E.B2B
      [2008/02/24 15:57:38 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
      [2007/06/16 19:04:51 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6E82C155BB.sys
      @Alternate Data Stream - 281 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E3D650
      @Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  10. 2011/05/30
    cozynruffs

    All processes killed
    ========== OTL ==========
    Error: Unable to stop service aswTdi!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi deleted successfully.
    C:\WINDOWS\system32\drivers\aswTdi.sys moved successfully.
    Error: Unable to stop service aswSP!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP deleted successfully.
    C:\WINDOWS\system32\drivers\aswSP.sys moved successfully.
    Service aswRdr stopped successfully!
    Service aswRdr deleted successfully!
    C:\WINDOWS\system32\drivers\aswRdr.sys moved successfully.
    Error: Unable to stop service aswMon2!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2 deleted successfully.
    C:\WINDOWS\system32\drivers\aswmon2.sys moved successfully.
    Error: Unable to stop service aswFsBlk!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFsBlk deleted successfully.
    C:\WINDOWS\system32\drivers\aswFsBlk.sys moved successfully.
    Error: Unable to stop service Aavmker4!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4 deleted successfully.
    C:\WINDOWS\system32\drivers\aavmker4.sys moved successfully.
    Prefs.js: "127.0.0.1" removed from network.proxy.http
    Prefs.js: 60283 removed from network.proxy.http_port
    Prefs.js: 4 removed from network.proxy.type
    Registry key HKEY_USERS\S-1-5-21-436374069-842925246-839522115-1004_Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-436374069-842925246-839522115-1004_Classes\exefile\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Documents and Settings\All Users\Application Data\6gm836v34th12 moved successfully.
    C:\Documents and Settings\Michael and Arlene\Application Data\BE6E.B2B moved successfully.
    C:\Documents and Settings\All Users\Application Data\˜113.›sys moved successfully.
    C:\WINDOWS\system32\6E82C155BB.sys moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6E3D650 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1687686 bytes
    ->Flash cache emptied: 3384 bytes

    User: Michael and Arlene
    ->Temp folder emptied: 3118223 bytes
    ->Temporary Internet Files folder emptied: 152829503 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 57404064 bytes
    ->Flash cache emptied: 8238 bytes

    User: NetworkService
    ->Temp folder emptied: 6906 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 13 bytes
    ->Flash cache emptied: 6535 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35179 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 149534 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 205.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Michael and Arlene
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05302011_212336

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. 2011/05/30
    cozynruffs

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.3.181.14
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Windows Defender MsMpEng.exe
    ``````````End of Log````````````
     
  12. 2011/05/30
    cozynruffs

    ESET online scan .. to follow when it finally finishes :c)
     
  13. 2011/05/30
    broni

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
     
  14. 2011/05/31
    cozynruffs

    ESETScan Log



    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Betting.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Casino Palace.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Casino.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Games.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Horoscope.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\Adware Remover.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\Anti-Virus.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\PC Cleaner.lnk LNK/URL.B trojan
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\Tech & gadgets.lnk LNK/URL.B trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mseHneernm.dll.vir a variant of Win32/Spy.KeyLogger.NDN trojan
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP909\A0182257.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0183795.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0183796.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0183797.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0183798.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0183799.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0183807.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP911\A0184752.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184861.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184862.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184863.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184864.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184865.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184866.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP912\A0184897.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{17578BD6-533D-4064-8C47-61131E251286}\RP915\A0191315.dll a variant of Win32/Spy.KeyLogger.NDN trojan
    C:\WINDOWS\agizaderirifej.dll a variant of Win32/Kryptik.NZL trojan
    C:\WINDOWS\system32\msninlernm.dll a variant of Win32/Spy.KeyLogger.NDN trojan
     
  15. 2011/05/31
    broni

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Betting.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Casino Palace.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Casino.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Games.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Horoscope.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Software\Adware Remover.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Software\Anti-Virus.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Software\PC Cleaner.lnk 
      C:\Documents and Settings\Michael and Arlene\Favorites\Software\Tech & gadgets.lnk
      C:\WINDOWS\agizaderirifej.dll 
      C:\WINDOWS\system32\msninlernm.dll 
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. 2011/06/01
    cozynruffs

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Betting.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Casino Palace.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Casino.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Games.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Fun & Games\Horoscope.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\Adware Remover.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\Anti-Virus.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\PC Cleaner.lnk moved successfully.
    C:\Documents and Settings\Michael and Arlene\Favorites\Software\Tech & gadgets.lnk moved successfully.
    C:\WINDOWS\agizaderirifej.dll moved successfully.
    C:\WINDOWS\system32\msninlernm.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Michael and Arlene
    ->Temp folder emptied: 31990665 bytes
    ->Temporary Internet Files folder emptied: 45561820 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 97555895 bytes
    ->Flash cache emptied: 770 bytes

    User: NetworkService
    ->Temp folder emptied: 4012 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 533425 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 168.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Michael and Arlene
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06012011_215643

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\KVNNS6WP\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\KVNNS6WP\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\6FA09K2O\99086-active-malware-issue-browser-redirect-no-go-auto-updates-ms-update-3[1].html moved successfully.
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\6FA09K2O\ads[2].htm moved successfully.
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\6FA09K2O\ddc[1].htm moved successfully.
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\6FA09K2O\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Michael and Arlene\Local Settings\Temporary Internet Files\Content.IE5\6FA09K2O\pixel[1].htm moved successfully.
    File\Folder C:\WINDOWS\temp\TMP000000039B6EDB0E7918A993 not found!

    Registry entries deleted on Reboot...
     
  17. 2011/06/01
    cozynruffs

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Michael and Arlene
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3951153 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 769 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Michael and Arlene
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 06012011_221553

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  18. 2011/06/01
    broni

    Whenever ready....
     
  19. 2011/06/01
    cozynruffs

    Windows Updates:
    * I get the startbar pop up there are updates - I allow updates but I get an error that no updates can be installed.
    * Windows update site just continually rolls thru "Checking for the latest updates for your computer..."
    * Can't set automatic updates from control panel

    Avira goes thru the "Files are being downloaded ..." gets to the installing new files then fails after about 2min with an error. Log below
     
  20. 2011/06/01
    cozynruffs

    Avira AntiVir Personal - Free Antivirus Updater
    Complete product update

    Creation time: Thu Jun 02 12:54:02 2011


    Operating system:
    Windows XP (Service Pack 3) [5.1.2600] 32 bit

    Product information:
    Product version: 10.0.0.648
    Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.37
    Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
    Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
    Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
    GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

    Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
    Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
    Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
    Updater folder: C:\Program Files\Avira\AntiVir Desktop\
    AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\

    Proxy settings:
    System settings used

    12:54:19 [UPD] [INFO] Checking whether newer files are available.
    12:54:19 [UPD] [INFO] Select update server 'http://62.146.66.186/update'.
    12:54:19 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    12:54:22 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/wks_avira10-win32-en-pecl.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pecl.idx'.
    12:54:22 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/wks_avira10-win32-en-pecl.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pecl.info.gz'.
    12:54:24 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/vdf.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info.gz'.
    12:54:24 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/rdf-common-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\rdf-common-int.info.gz'.
    12:54:25 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/ave2-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info.gz'.
    12:54:25 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/wks_avira10-win32-en-pecl-info.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pecl-info.info.gz'.
    12:54:25 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/hips-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\hips-win32-int.info.gz'.
    12:54:26 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/scanner-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\scanner-win32-int.info.gz'.
    12:54:26 [UPD] [INFO] Compare local files with status of update server
    12:54:26 [UPD] [INFO] Checking module SELFUPDATE:
    12:54:27 [UPD] [INFO] Checking module VDF:
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase013.vdf' (local, server): 7.11.8.187 < 7.11.8.222
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase014.vdf' (local, server): 7.11.8.188 < 7.11.8.223
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase015.vdf' (local, server): 7.11.8.189 < 7.11.8.224
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase016.vdf' (local, server): 7.11.8.190 < 7.11.8.225
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase017.vdf' (local, server): 7.11.8.191 < 7.11.8.226
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase018.vdf' (local, server): 7.11.8.192 < 7.11.8.227
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase019.vdf' (local, server): 7.11.8.193 < 7.11.8.228
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase020.vdf' (local, server): 7.11.8.194 < 7.11.8.229
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase021.vdf' (local, server): 7.11.8.195 < 7.11.8.230
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase022.vdf' (local, server): 7.11.8.196 < 7.11.8.231
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase023.vdf' (local, server): 7.11.8.197 < 7.11.8.232
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase024.vdf' (local, server): 7.11.8.198 < 7.11.8.233
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase025.vdf' (local, server): 7.11.8.199 < 7.11.8.234
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase026.vdf' (local, server): 7.11.8.200 < 7.11.8.235
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase027.vdf' (local, server): 7.11.8.201 < 7.11.8.236
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase028.vdf' (local, server): 7.11.8.202 < 7.11.8.237
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase029.vdf' (local, server): 7.11.8.203 < 7.11.8.238
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase030.vdf' (local, server): 7.11.8.204 < 7.11.8.239
    12:54:27 [UPD] [INFO] File 'n_vdf/vbase031.vdf' (local, server): 7.11.8.207 < 7.11.8.240
    12:54:27 [UPD] [INFO] File 'n_vdf/aevdf.dat' (local, server): 7.11.8.207 < 7.11.8.240
    12:54:27 [UPD] [INFO] Checking module RDF:
    12:54:27 [UPD] [INFO] Checking module AVE2:
    12:54:27 [UPD] [INFO] File 'ave2/win32/int/aeheur.dll' (local, server): 8.1.2.122 < 8.1.2.123
    12:54:27 [UPD] [INFO] File 'ave2/win32/int/aeoffice.dll' (local, server): 8.1.1.23 < 8.1.1.25
    12:54:27 [UPD] [INFO] File 'ave2/win32/int/aesbx.dll' (local, server): 8.2.1.33 < 8.2.1.34
    12:54:27 [UPD] [INFO] File 'ave2/win32/int/aeset.dat' (local, server): 8.2.5.6 < 8.2.5.12
    12:54:27 [UPD] [INFO] Checking module MAIN:
    12:54:36 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/filelist.ini'. The file will therefore not be taken into account.
    12:54:36 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/insthlp.exe'. The file will therefore not be taken into account.
    12:54:37 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/presetup.exe'. The file will therefore not be taken into account.
    12:54:37 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/quicksysscan.avp' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/vcredist_x86.exe'. The file will therefore not be taken into account.
    12:54:38 [UPD] [INFO] Checking module COMMAPPDATA_AV:
    12:54:38 [UPD] [INFO] File'wks_avira10/win32/en/pecl/addr_file.html' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] Checking module COMMAPP:
    12:54:38 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/produpd.avj' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/scanjob.avj' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/startupd.avj' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/updjob.avj' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] Checking module COMMAPDATA_AV_PROFILES:
    12:54:38 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/folder.avp' is already installed and is not being updated.
    12:54:38 [UPD] [INFO] Checking module TEXT:
    12:54:39 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/en-us/eula.txt'. The file will therefore not be taken into account.
    12:54:39 [UPD] [INFO] Checking module DRV:
    12:54:39 [UPD] [INFO] Checking module PRODINFO:
    12:54:39 [UPD] [INFO] Checking module HIPS:
    12:54:39 [UPD] [INFO] Checking module SCANNER:
    12:54:40 [UPD] [INFO] Checking dependencies for product update mode.
    12:54:40 [UPD] [INFO] Dependencies have been executed.
    12:54:40 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\' requires 4084218 bytes of free disk space.
    12:54:40 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\' requires 8387584 bytes of free disk space.
    12:54:40 [UPD] [INFO] 'C:\Program Files\Avira\AntiVir Desktop\' requires 4193792 bytes of free disk space.
    12:54:40 [UPD] [INFO] Disk space OK.
    12:54:40 [UPD] [INFO] Drive: C:\, free capacity: 2307055616 bytes.
    12:54:40 [UPD] [INFO] New files are being downloaded...
    12:54:40 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase013.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase013.vdf.gz'.
    12:54:44 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase014.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase014.vdf.gz'.
    12:54:45 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase015.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase015.vdf.gz'.
    12:54:45 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase016.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase016.vdf.gz'.
    12:54:46 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase017.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase017.vdf.gz'.
    12:54:46 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase018.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase018.vdf.gz'.
    12:54:47 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase019.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase019.vdf.gz'.
    12:54:47 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase020.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase020.vdf.gz'.
    12:54:47 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase021.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase021.vdf.gz'.
    12:54:48 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase022.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase022.vdf.gz'.
    12:54:48 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase023.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase023.vdf.gz'.
    12:54:49 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase024.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase024.vdf.gz'.
    12:54:49 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase025.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase025.vdf.gz'.
    12:54:50 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase026.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase026.vdf.gz'.
    12:54:50 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase027.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase027.vdf.gz'.
    12:54:51 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase028.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase028.vdf.gz'.
    12:54:53 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase029.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase029.vdf.gz'.
    12:54:53 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase030.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase030.vdf.gz'.
    12:54:53 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/vbase031.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase031.vdf.gz'.
    12:54:54 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/n_vdf/aevdf.dat.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\aevdf.dat.gz'.
    12:54:54 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/ave2/win32/int/aeheur.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll.gz'.
    12:55:34 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/ave2/win32/int/aeoffice.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeoffice.dll.gz'.
    12:55:49 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/ave2/win32/int/aesbx.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aesbx.dll.gz'.
    12:55:53 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/ave2/win32/int/aeset.dat.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeset.dat.gz'.
    12:55:57 [UPD] [INFO] The program is running as an unrestricted full version.
    12:57:53 [UPD] [ERROR] Validation of engine failed. Error258


    Summary:
    ********
    24 Files downloaded
    0 Files installed

    Thu Jun 02 12:57:53 2011
    The update failed!
     
  21. 2011/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, let's try one thing at a time.

    Reinstall Avira, to start with...
     
