Solved Google Redirect virus

Discussion in 'Malware and Virus Removal Archive' started by jaygeoff, 2010/10/19.

  1. 2010/10/19
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    [Resolved] Google Redirect virus

    Hi,
    I am having trouble with the Google Re-direct Virus.
    I used TDSSKiller but it did not solve the problem. The first time I ran it, it found a problem and "cured it". The second time it did not find anything.

    The other symptom, besides being re-directed to ad sites from Google search results, is that when I log on to Gmail it just returns to the logon page. I've cleared the cookies and cache but to no avail.

    DDS.TXT output below:

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by UKJAYS2009 at 20:25:15.91 on 19/10/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1788 [GMT 11:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardService.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\DesktopMenu.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardTools.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\Aware.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\Marker.exe
    C:\Program Files\SMART Technologies\Classroom Teacher\ResponseSoftwareService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\UKJAYS2009\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.koower.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    mStart Page = hxxp://www.koower.com/
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\classroom teacher\NotebookPlugin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: SMART Sync: {8e1233b3-485a-4e51-b77e-9e075a68c588} - c:\program files\smart technologies\classroom teacher\sync teacher\SyncIEToolbar.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ZE18MW23GY] c:\users\ukjays~1\appdata\local\temp\Bwc.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
    mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
    mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SMART Board Service] c:\program files\smart technologies\classroom teacher\SMARTBoardService.exe
    mRun: [SMART SNMP Agent] c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe -e
    mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
    StartupFolder: c:\users\ukjays~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\smart technologies\classroom teacher\DesktopMenu.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\classroom teacher\SMARTBoardTools.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    Trusted Zone: sch.uk\portal.st-annes.enfield
    DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://portal.st-annes.enfield.sch.uk/XTSAC.cab
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://portal.st-annes.enfield.sch.uk/NELX.cab
    DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://portal.st-annes.enfield.sch.uk/MLWebCacheCleaner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: NameServer = 93.188.164.73,93.188.166.223
    TCP: {79FAF9E7-2FEA-4C04-B784-ADBC70A5024F} = 93.188.164.73,93.188.166.223
    TCP: {927011F6-887C-4D1C-A122-5111A1D7ED14} = 93.188.164.73,93.188.166.223
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\ukjays~1\appdata\roaming\mozilla\firefox\profiles\bubfht52.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-11 11608]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-5-11 20384]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-11 337064]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-11 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-11 267432]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-11 405672]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-11 60936]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 Response Hardware;Response Hardware;c:\program files\smart technologies\classroom teacher\ResponseHardwareService.exe [2010-2-9 30504]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-7 126976]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-10 14336]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-8 7168]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-25 73728]
    R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2009-12-15 11048]
    R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2009-12-15 14120]
    R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2009-12-15 13440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-8-27 124368]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-5-11 954368]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    ============== File Associations ===============

    .txt=

    =============== Created Last 30 ================

    2010-10-19 08:16:07 -------- d-----w- C:\_OTM
    2010-10-05 10:52:31 -------- d-----w- c:\progra~2\Chief Architect Premier X3 Trial Version
    2010-10-05 10:52:16 -------- d-----w- c:\users\ukjays~1\appdata\roaming\Chief Architect Premier X3 Trial Version
    2010-10-05 10:51:39 -------- d-----w- c:\program files\Chief Architect
    2010-10-05 09:44:04 -------- d-----w- c:\users\ukjays~1\appdata\roaming\GetRightToGo
    2010-09-22 07:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-22 07:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-20 01:14:23 -------- d-----w- c:\progra~2\TOSHIBA Tempro

    ==================== Find3M ====================

    2010-09-14 17:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 20:26:03.14 ===============


    ATTACH.TXT OUTPUT BELOW

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/05/2009 23:53:15
    System Uptime: 19/10/2010 20:19:10 (0 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 116 GiB total, 31.227 GiB free.
    E: is FIXED (NTFS) - 115 GiB total, 109.865 GiB free.
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C7100 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7100 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Able2Extract v6.0
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe FrameMaker 9
    Adobe FrameMaker CSTI Driver
    Adobe FrameMaker Dependencies Driver
    Adobe Help Viewer 2
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe PDF Library Files CS4
    Adobe Reader 9.4.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Amazing Slow Downer (remove only)
    Atheros Driver Installation Program
    Atheros Wi-Fi Protected Setup Library
    Avira AntiVir Premium
    Bluetooth Stack for Windows by Technika
    BufferChm
    C7100
    c7100_Help
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    Chief Architect Premier X3 Trial Version
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    DocProc
    DocProcQFolder
    Driver Detective
    DVD MovieFactory for TOSHIBA
    e-Science
    EQ6
    Exampro AQA GCSE Additional Science Demo
    Exampro AQA GCSE Biology
    Exampro AQA GCSE Chemistry
    Exampro AQA GCSE Physics
    Exampro AQA GCSE Science A Demo
    Exampro AQA GCSE Science B Demo
    Fax
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Graboid Video 1.71e
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Update
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Lexmark Tools for Office
    McAfee Security Scan Plus
    Medieval II Total War
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox (3.6.10)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Science School
    myphotobook 3.6
    NetDeviceManager
    OGA Notifier 2.0.0048.0
    OpenOffice.org Installer 1.0
    OUP Year 7 Framework Science
    OUP Year 8 Framework Science
    Picasa 3
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Scan
    Science Foundation Presents Physics 2
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Shockwave
    Skype™ 4.0
    SMART Classroom Suite Teacher
    SmartMusic Content (shared music files)
    SmartMusic for Essential Elements 2000 Band Book 1 Student Edition
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Manuals
    Toshiba Online Product Information
    TOSHIBA Recovery Disc Creator
    TOSHIBA Supervisor Password
    Toshiba TEMPRO
    TOSHIBA Value Added Package
    TRDCReminder
    TRORDCLauncher
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 0.9.8a
    Vodafone Mobile Connect Lite
    WebReg
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin

    ==== Event Viewer Messages From Past Week ========

    19/10/2010 20:22:52, Error: Service Control Manager [7034] - The Notebook Performance Tuning Service (TEMPRO) service terminated unexpectedly. It has done this 1 time(s).
    19/10/2010 20:21:13, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    19/10/2010 06:31:39, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
    18/10/2010 07:40:54, Error: EventLog [6008] - The previous system shutdown at 22:53:52 on 17/10/2010 was unexpected.
    17/10/2010 21:34:07, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    17/10/2010 21:28:04, Error: Service Control Manager [7024] - The Avira AntiVir MailGuard service terminated with service-specific error 1 (0x1).
    17/10/2010 19:02:59, Error: EventLog [6008] - The previous system shutdown at 13:16:43 on 17/10/2010 was unexpected.
    15/10/2010 18:19:00, Error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&c8c337f&0&00E1) disappeared from the system without first being prepared for removal.
    14/10/2010 07:33:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    14/10/2010 07:33:28, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2010 07:33:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    14/10/2010 06:55:07, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 2 time(s).

    ==== End Of File ===========================

    Thanks for your help
     
  2. 2010/10/19
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Yes, you're infected. Wait for a Malware expert to respond, do not run additional tools on your system!
     

  4. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/10/20
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    Scan results

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    20/10/2010 22:11:02
    mbam-log-2010-10-20 (22-11-02).txt

    Scan type: Quick scan
    Objects scanned: 123275
    Time elapsed: 6 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79faf9e7-2fea-4c04-b784-adbc70a5024f}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{927011f6-887c-4d1c-a122-5111a1d7ed14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{927011f6-887c-4d1c-a122-5111a1d7ed14}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    _________________________________________________________


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite L300
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 158):
    0x82211000 \SystemRoot\system32\ntkrnlpa.exe
    0x825CA000 \SystemRoot\system32\hal.dll
    0x80603000 \SystemRoot\system32\kdcom.dll
    0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8067A000 \SystemRoot\system32\PSHED.dll
    0x8068B000 \SystemRoot\system32\BOOTVID.dll
    0x80693000 \SystemRoot\system32\CLFS.SYS
    0x806D4000 \SystemRoot\system32\CI.dll
    0x89E0D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x89E89000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x89E96000 \SystemRoot\system32\drivers\acpi.sys
    0x89EDC000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x89EE5000 \SystemRoot\system32\drivers\msisadrv.sys
    0x89EED000 \SystemRoot\system32\drivers\pci.sys
    0x89F14000 \SystemRoot\System32\drivers\partmgr.sys
    0x89F23000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x89F26000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x89F30000 \SystemRoot\system32\drivers\volmgr.sys
    0x89F3F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x89F89000 \SystemRoot\System32\drivers\mountmgr.sys
    0x89F99000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x89FA0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8A00A000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8A0D8000 \SystemRoot\system32\drivers\atapi.sys
    0x8A0E0000 \SystemRoot\system32\drivers\ataport.SYS
    0x8A0FE000 \SystemRoot\system32\drivers\msahci.sys
    0x8A108000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A13A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A14A000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8A153000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A20A000 \SystemRoot\system32\drivers\ndis.sys
    0x8A315000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A340000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A409000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A4F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A60E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A71E000 \SystemRoot\system32\drivers\volsnap.sys
    0x8A757000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x8A75C000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
    0x8A79F000 \SystemRoot\System32\Drivers\spldr.sys
    0x8A7A7000 \SystemRoot\System32\Drivers\mup.sys
    0x8A7B6000 \SystemRoot\System32\drivers\ecache.sys
    0x8A7DD000 \SystemRoot\system32\drivers\disk.sys
    0x8A50E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8A7EE000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A37B000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8A7F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A400000 \SystemRoot\system32\DRIVERS\FwLnk.sys
    0x8A386000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8A395000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8DC01000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8E2E5000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E386000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E392000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8E39D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E3DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E405000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E492000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8E4B3000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8E59A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8E5AD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E5B8000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8E5E7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8E5E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E5F4000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x8A399000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E5F8000 \SystemRoot\system32\DRIVERS\SMARTVHidMini2000x86.sys
    0x8E3EA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8A3B1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8E5FB000 \SystemRoot\system32\DRIVERS\SMARTVTabletPCx86.sys
    0x8A3B8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x89FAE000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8A3E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8A1C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8A3F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8A1DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x89FEF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x807B4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x807C8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x807DD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E400000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E803000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E82D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E837000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E844000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E879000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8E881000 \SystemRoot\system32\DRIVERS\SMARTMouseFilterx86.sys
    0x8E889000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8EA00000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8E89A000 \SystemRoot\system32\drivers\portcls.sys
    0x8E8C7000 \SystemRoot\system32\drivers\drmk.sys
    0x8EC0D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x8ED29000 \SystemRoot\system32\drivers\modem.sys
    0x8ED36000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8ED3F000 \SystemRoot\System32\Drivers\Null.SYS
    0x8ED46000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8ED4D000 \SystemRoot\System32\drivers\vga.sys
    0x8ED59000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8ED7A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8ED82000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8ED8A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8ED95000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8EDA3000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8EDAC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8EDC2000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8E8EC000 \SystemRoot\system32\drivers\afd.sys
    0x8E934000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8EDD6000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8EDDF000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8EDF5000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
    0x8E966000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E974000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8EDFA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8E987000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8EC00000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E9C3000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E9DA000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8EC0A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0x8F806000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8F81D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8F832000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
    0x8F83B000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8F85C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8F865000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F872000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x96E00000 \SystemRoot\System32\win32k.sys
    0x8F940000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8F94A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97020000 \SystemRoot\System32\TSDDD.dll
    0x97040000 \SystemRoot\System32\cdd.dll
    0x97050000 \SystemRoot\System32\ATMFD.DLL
    0x8F959000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x8F981000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x8F996000 \SystemRoot\system32\drivers\luafv.sys
    0x8A52F000 \SystemRoot\system32\drivers\spsys.sys
    0x8F9B1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8F9C1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8F9EB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8A5DF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAC40F000 \SystemRoot\system32\drivers\HTTP.sys
    0xAC47C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAC499000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAC4B2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAC4C7000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAC4E8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAC507000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAC540000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAC558000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAC57F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAD803000 \SystemRoot\system32\drivers\peauth.sys
    0xAD8E1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAD8EB000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAD8F7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xAD90C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xAD91E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAD936000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xAD93F000 \??\C:\Users\UKJAYS~1\AppData\Local\Temp\kxtyikob.sys
    0x77D90000 \Windows\System32\ntdll.dll

    Processes (total 106):
    0 System Idle Process
    4 System
    520 C:\Windows\System32\smss.exe
    596 csrss.exe
    640 C:\Windows\System32\wininit.exe
    652 csrss.exe
    688 C:\Windows\System32\services.exe
    716 C:\Windows\System32\lsass.exe
    724 C:\Windows\System32\lsm.exe
    808 C:\Windows\System32\winlogon.exe
    892 C:\Windows\System32\svchost.exe
    932 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    956 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1144 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    1240 C:\Windows\System32\svchost.exe
    1392 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1448 C:\Windows\System32\svchost.exe
    1620 C:\Windows\System32\audiodg.exe
    1680 C:\Windows\System32\SLsvc.exe
    1740 C:\Windows\System32\svchost.exe
    1896 C:\Windows\System32\svchost.exe
    1924 C:\Windows\System32\wisptis.exe
    2020 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1520 C:\Windows\System32\wlanext.exe
    1876 C:\Windows\System32\spoolsv.exe
    236 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    556 C:\Windows\System32\svchost.exe
    656 C:\Windows\System32\agrsmsvc.exe
    1192 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    588 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    2052 C:\Windows\System32\svchost.exe
    2068 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    2140 C:\Windows\System32\svchost.exe
    2160 C:\Windows\System32\lxdncoms.exe
    2440 C:\Windows\System32\svchost.exe
    2488 C:\Program Files\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe
    2616 C:\Windows\System32\svchost.exe
    2860 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    2912 C:\Windows\System32\TODDSrv.exe
    2936 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2952 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    3012 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    3040 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    3060 C:\Windows\System32\svchost.exe
    3108 C:\Windows\System32\SearchIndexer.exe
    3156 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    3232 WUDFHost.exe
    3312 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    3528 C:\Windows\System32\svchost.exe
    3688 WmiPrvSE.exe
    2544 C:\Windows\System32\wisptis.exe
    1356 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    2556 C:\Windows\System32\taskeng.exe
    2692 C:\Windows\System32\dwm.exe
    3024 C:\Windows\explorer.exe
    3764 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2448 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    3964 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    3900 C:\Windows\System32\igfxtray.exe
    4040 C:\Windows\System32\hkcmd.exe
    2920 C:\Windows\System32\igfxpers.exe
    1336 C:\Windows\RtHDVCpl.exe
    3816 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    3820 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    4080 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    2708 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    1720 C:\Windows\System32\igfxsrvc.exe
    3824 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    2560 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1960 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3172 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4088 C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardService.exe
    3620 C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe
    3116 C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    4380 C:\Program Files\Windows Sidebar\sidebar.exe
    4420 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    4464 C:\Windows\System32\wbem\unsecapp.exe
    4484 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4500 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    4524 C:\Windows\ehome\ehtray.exe
    4568 WmiPrvSE.exe
    4596 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4752 C:\Windows\ehome\ehmsas.exe
    4764 C:\Program Files\SMART Technologies\Classroom Teacher\DesktopMenu.exe
    4836 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    4848 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    4872 C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardTools.exe
    5308 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5764 C:\Windows\System32\igfxext.exe
    5828 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    5276 C:\Program Files\SMART Technologies\Classroom Teacher\Aware.exe
    5348 C:\Program Files\SMART Technologies\Classroom Teacher\Marker.exe
    5508 C:\Program Files\SMART Technologies\Classroom Teacher\ResponseSoftwareService.exe
    3784 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    6048 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    2872 C:\Program Files\Mozilla Firefox\firefox.exe
    5992 C:\Users\UKJAYS2009\Desktop\ft9cq8zj.exe
    5120 taskeng.exe
    5924 C:\Windows\System32\taskeng.exe
    3228 C:\Windows\System32\taskeng.exe
    900 C:\Windows\System32\SearchProtocolHost.exe
    5104 C:\Windows\System32\SearchFilterHost.exe
    3832 dllhost.exe
    3216 dllhost.exe
    3996 C:\Users\UKJAYS2009\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`70300000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-26UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    _______________________________________________________________

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-21 06:11:04
    Windows 6.0.6002 Service Pack 2
    Running: ft9cq8zj.exe; Driver: C:\Users\UKJAYS~1\AppData\Local\Temp\kxtyikob.sys


    ---- System - GMER 1.0.15 ----

    SSDT A7EBD833 ZwLoadDriver
    SSDT A7EBD838 ZwSetSystemInformation
    SSDT A7EBD7F7 ZwTerminateProcess
    SSDT A7EBD7F2 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 37D 822BDAE0 4 Bytes [33, D8, EB, A7] {XOR EBX, EAX; JMP 0xffffffffffffffab}
    .text ntkrnlpa.exe!KeSetEvent + 5DD 822BDD40 4 Bytes [38, D8, EB, A7] {CMP AL, BL; JMP 0xffffffffffffffab}
    .text ntkrnlpa.exe!KeSetEvent + 621 822BDD84 4 Bytes [F7, D7, EB, A7] {NOT EDI; JMP 0xffffffffffffffab}
    .text ntkrnlpa.exe!KeSetEvent + 681 822BDDE4 4 Bytes [F2, D7, EB, A7]
    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A75C480, 0x3C939, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A79D900, 0x3CA, 0x48000040]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2872] ntdll.dll!LdrLoadDll 77DB9390 5 Bytes JMP 00EA13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4848] ntdll.dll!DbgBreakPoint 77DD8B2E 1 Byte [90]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ef6490
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060ef6490 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    Thanks Broni :)
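    The Malwarebytes findings above are the interesting part of this post: the Trojan.DNSChanger entries show the machine's resolvers (the global Tcpip\Parameters\NameServer value and the per-interface NameServer/DhcpNameServer values) pointing at 93.188.164.73 and 93.188.166.223, which is exactly what produces search redirects while every scanner that only looks at files comes back clean. Below is an added audit script; it is not part of this thread, of Malwarebytes, or of any tool the thread mentions. It parses the "Registry Data Items Infected" lines of an MBAM log (the sample is copied from the log above), extracts every resolver address, and flags any that are not on an allow-list you supply; the allow-list addresses are constructed placeholders, and on a Windows box the same check can be run against the live registry with check_live_registry().

```python
"""Audit Windows NameServer settings for signs of a DNS changer.

Added example, not from the forum thread, Malwarebytes, or any tool named in it.
Parses MBAM "Registry Data Items Infected" lines, extracts resolver addresses,
and flags those outside an allow-list. EXPECTED_RESOLVERS is a constructed
placeholder; SAMPLE_LOG is copied from the log posted in the thread.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79faf9e7-2fea-4c04-b784-adbc70a5024f}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{927011f6-887c-4d1c-a122-5111a1d7ed14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{927011f6-887c-4d1c-a122-5111a1d7ed14}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# Constructed allow-list: the resolvers this (hypothetical) network really uses.
EXPECTED_RESOLVERS = {"192.168.1.1", "192.168.1.2"}

# One MBAM registry-data line: <key\value> (<detection>) -> Data: <data> -> <action>
_MBAM_DATA_RE = re.compile(
    r"^(?P<path>HKEY_\S+) \((?P<detection>[^)]+)\) -> Data: (?P<data>\S+) -> (?P<action>.+)$"
)
# Per-interface keys live under ...\Tcpip\Parameters\Interfaces\{GUID}\
_IFACE_RE = re.compile(r"\\Interfaces\\\{(?P<guid>[0-9a-fA-F-]+)\}\\")


@dataclass
class NameServerFinding:
    registry_path: str            # full key\value path as printed by MBAM
    value_name: str               # NameServer or DhcpNameServer
    interface_guid: Optional[str] # None for the global Tcpip\Parameters key
    detection: str                # MBAM detection name, e.g. Trojan.DNSChanger
    servers: List[str] = field(default_factory=list)  # every parsed resolver
    rogue: List[str] = field(default_factory=list)    # resolvers not on the allow-list


def parse_resolvers(data: str) -> List[str]:
    """Split a NameServer value (comma or space separated) into valid IP literals."""
    out = []
    for tok in re.split(r"[,\s]+", data.strip()):
        if not tok:
            continue
        try:
            out.append(str(ipaddress.ip_address(tok)))
        except ValueError:
            pass  # ignore anything that is not an IP literal
    return out


def audit_mbam_log(log_text: str, expected=EXPECTED_RESOLVERS) -> List[NameServerFinding]:
    """Return one finding per NameServer/DhcpNameServer line in an MBAM log."""
    findings = []
    for line in log_text.splitlines():
        m = _MBAM_DATA_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        value_name = path.rsplit("\\", 1)[-1]
        if value_name.lower() not in ("nameserver", "dhcpnameserver"):
            continue
        iface = _IFACE_RE.search(path)
        servers = parse_resolvers(m.group("data"))
        findings.append(NameServerFinding(
            registry_path=path,
            value_name=value_name,
            interface_guid=iface.group("guid").lower() if iface else None,
            detection=m.group("detection"),
            servers=servers,
            rogue=[s for s in servers if s not in expected],
        ))
    return findings


def check_live_registry(expected=EXPECTED_RESOLVERS) -> List[NameServerFinding]:
    """Same check against the live Windows registry; returns [] off Windows."""
    try:
        import winreg
    except ImportError:
        return []
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    findings = []

    def read(subkey: str, guid: Optional[str]) -> None:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as k:
            for name in ("NameServer", "DhcpNameServer"):
                try:
                    value, _ = winreg.QueryValueEx(k, name)
                except OSError:
                    continue  # value absent on this key
                servers = parse_resolvers(str(value))
                findings.append(NameServerFinding(
                    registry_path=f"HKEY_LOCAL_MACHINE\\{subkey}\\{name}", value_name=name,
                    interface_guid=guid, detection="live-registry", servers=servers,
                    rogue=[s for s in servers if s not in expected]))

    read(base, None)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + r"\Interfaces") as ifaces:
        for i in range(winreg.QueryInfoKey(ifaces)[0]):
            guid = winreg.EnumKey(ifaces, i)
            read(f"{base}\\Interfaces\\{guid}", guid.strip("{}").lower())
    return findings


if __name__ == "__main__":
    for f in audit_mbam_log(SAMPLE_LOG) + check_live_registry():
        status = "ROGUE " + ",".join(f.rogue) if f.rogue else "ok"
        print(f"{f.value_name:<15} {f.interface_guid or 'global':<38} {status}")
```

    Run as-is it reports all four entries from the log as rogue, because 93.188.164.73 and 93.188.166.223 are not on the allow-list. The point of keying on the per-interface GUIDs is that a DNS changer often overwrites the DhcpNameServer value as well as NameServer, so a machine can keep "obtain DNS automatically" ticked and still resolve through the attacker's servers; checking only the global key misses that.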
     
  6. 2010/10/20
    broni

    broni Moderator Malware Analyst
    How is the redirection?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/10/21
    jaygeoff

    jaygeoff Inactive Thread Starter

    Re-direct is dead and gone!!!!

    ComboFix 10-10-20.04 - UKJAYS2009 21/10/2010 22:13:08.1.2 - x86
    Running from: c:\users\UKJAYS2009\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Recent\Leadership Survey for School 002.url
    c:\users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Recent\ShoppingElements.doc
    c:\windows\system32\F834AH3F.ocx

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 11:18 . 2010-10-21 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-21 11:07 . 2010-10-21 11:08 -------- d-----w- C:\32788R22FWJFW
    2010-10-20 11:02 . 2010-10-20 11:02 -------- d-----w- c:\users\UKJAYS2009\AppData\Roaming\Malwarebytes
    2010-10-20 11:02 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 11:02 . 2010-10-20 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 11:02 . 2010-10-20 11:02 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-20 11:02 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 08:16 . 2010-10-19 08:16 -------- d-----w- C:\_OTM
    2010-10-05 10:52 . 2010-10-05 10:52 -------- d-----w- c:\programdata\Chief Architect Premier X3 Trial Version
    2010-10-05 10:52 . 2010-10-05 11:10 -------- d-----w- c:\users\UKJAYS2009\AppData\Roaming\Chief Architect Premier X3 Trial Version
    2010-10-05 10:51 . 2010-10-05 10:51 -------- d-----w- c:\program files\Chief Architect
    2010-10-05 09:44 . 2010-10-05 10:49 -------- d-----w- c:\users\UKJAYS2009\AppData\Roaming\GetRightToGo
    2010-09-22 07:10 . 2010-09-22 07:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-22 07:10 . 2010-09-22 07:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-10-09 2086912]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-28 282792]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SMART Board Service"="c:\program files\SMART Technologies\Classroom Teacher\SMARTBoardService.exe" [2010-01-29 3372328]
    "SMART SNMP Agent"="c:\program files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe" [2010-01-05 1053992]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktop Menu.lnk - c:\program files\SMART Technologies\Classroom Teacher\DesktopMenu.exe [2010-2-9 1930536]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    SMART Board Tools.lnk - c:\program files\SMART Technologies\Classroom Teacher\SMARTBoardTools.exe [2010-1-5 11154728]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-6 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-25 08:54 77824 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-23 337064]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-28 135336]
    S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-23 405672]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KXTYIKOB
    *Deregistered* - kxtyikob

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:00]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.koower.com/
    mStart Page = hxxp://www.koower.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: sch.uk\portal.st-annes.enfield
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://portal.st-annes.enfield.sch.uk/NELX.cab
    DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://portal.st-annes.enfield.sch.uk/MLWebCacheCleaner.cab
    FF - ProfilePath - c:\users\UKJAYS2009\AppData\Roaming\Mozilla\Firefox\Profiles\bubfht52.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
    HKLM-Run-Toshiba TEMPO - c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    SafeBoot-klmdb.sys


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-10-21 22:25:20
    ComboFix-quarantined-files.txt 2010-10-21 11:25

    Pre-Run: 32,787,968,000 bytes free
    Post-Run: 32,707,649,536 bytes free

    - - End Of File - - A9F1F05B3CC77D1B2ECB0D05D5E8EC9D

    Everything seems to be working normally now. However, I await your learned declaration with great anticipation!!!!

    Yours truly, humbly and gratefully
    :D
     
  8. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news then :)

    Combofix log looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
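As an added example (not code from this thread, from OTL, or from its author), the script below parses OTL log lines in the format jaygeoff posts in the next reply and pulls out the items an analyst reads first: PRC/SRV/DRV entries whose file is missing on disk (the kind ComboFix lists under "ORPHANS REMOVED"), executables with no publisher name, and browser settings such as a manual Firefox proxy or an IE start page that the user should confirm. The sample lines are copied from the log in this thread; the regular expressions and the triage rules are assumptions of this example and only mark entries for review, not as malicious.

```python
"""Triage helper for OTL log lines (added example; not part of OTL or this thread)."""
import re

# Line shapes taken from the OTL log posted in this thread.
ENTRY_RE = re.compile(r'^(PRC|MOD|SRV|DRV) - (.*)$')
META_RE = re.compile(r'^\[([^\]]*)\] \(([^)]*)\)\s*(.*)$')       # [date | size | attrs | M] (Company) ...
TAIL_RE = re.compile(r'^(?:\[([^\]]*)\] )?-- (.*)$')             # [Auto | Running] -- path -- (name) desc
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): ?(.*)$')
IE_RE = re.compile(r'^IE - (HK\w+)\\(.*?),(Start Page) = (.*)$')

# Sample input: lines copied verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
PRC - [2010/10/22 20:57:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTL.exe
PRC - [2008/02/28 10:07:26 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
SRV - File not found [Unknown | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/08/27 14:14:42 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.koower.com/
FF - prefs.js..network.proxy.http: "10.34.1.54"
FF - prefs.js..network.proxy.http_port: 8084
""".strip().splitlines()


def parse_entry(line):
    """Return a dict for a PRC/MOD/SRV/DRV line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    rec = {"kind": kind, "missing": False, "company": None, "date": None,
           "size": None, "state": None, "path": None, "name": None}
    if rest.startswith("File not found"):
        # OTL prints this when the registered file no longer exists on disk.
        rec["missing"] = True
        rest = rest[len("File not found"):].strip()
    else:
        m = META_RE.match(rest)
        if not m:
            return None
        meta, company, rest = m.groups()
        fields = [f.strip() for f in meta.split("|")]
        rec["date"] = fields[0]
        rec["size"] = int(fields[1].replace(",", ""))
        rec["company"] = company.strip() or None   # "( )" means no publisher name
    m = TAIL_RE.match(rest)
    if not m:
        return None
    rec["state"] = m.group(1)
    tail = m.group(2)
    if " -- (" in tail:
        path, after = tail.split(" -- (", 1)
        rec["path"] = path
        rec["name"] = after.split(")", 1)[0]
    else:
        rec["path"] = tail
    return rec


def triage(lines):
    """Return (entries, findings); each finding is a (reason, detail) pair for manual review."""
    entries, findings = [], []
    for raw in lines:
        line = raw.strip()
        rec = parse_entry(line)
        if rec:
            entries.append(rec)
            if rec["missing"]:
                findings.append(("orphaned entry, file missing on disk",
                                 f'{rec["kind"]} {rec["name"]} -> {rec["path"]}'))
            elif rec["company"] is None:
                findings.append(("no publisher name", f'{rec["kind"]} {rec["path"]}'))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group(1) == "network.proxy.http":
            findings.append(("manual Firefox HTTP proxy configured",
                             m.group(2).strip().strip('"').strip()))
            continue
        m = IE_RE.match(line)
        if m:
            findings.append(("IE start page set, confirm the user chose it",
                             f"{m.group(1)}: {m.group(4)}"))
    return entries, findings


if __name__ == "__main__":
    parsed, flagged = triage(SAMPLE_LOG)
    print(f"parsed {len(parsed)} entries, {len(flagged)} items to review")
    for reason, detail in flagged:
        print(f"  [{reason}] {detail}")
```

Run against a full OTL.txt with `triage(open("OTL.txt").read().splitlines())`; every finding is a pointer to read that entry in context, which is the same check the analyst performs by eye on the log below.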
     
  9. 2010/10/22
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    Last Step?

    OTL logfile created on: 22/10/2010 21:01:13 - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\UKJAYS2009\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.29 Gb Total Space | 30.52 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
    Drive E: | 115.13 Gb Total Space | 109.87 Gb Free Space | 95.43% Space Free | Partition Type: NTFS

    Computer Name: UKJAYS2009-PC | User Name: UKJAYS2009 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/22 20:57:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTL.exe
    PRC - [2010/08/27 14:14:48 | 001,050,072 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    PRC - [2010/08/24 20:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/08/24 20:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2010/04/24 02:53:55 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2010/04/24 02:53:55 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    PRC - [2010/04/24 02:53:55 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/29 05:45:13 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/03/29 05:45:12 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/03/29 05:45:12 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2010/02/09 17:13:30 | 001,930,536 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Classroom Teacher\DesktopMenu.exe
    PRC - [2010/02/09 17:13:28 | 000,030,504 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Classroom Teacher\ResponseSoftwareService.exe
    PRC - [2010/02/09 17:13:28 | 000,030,504 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe
    PRC - [2010/01/29 12:38:56 | 003,372,328 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardService.exe
    PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2010/01/05 14:44:20 | 001,053,992 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe
    PRC - [2009/04/11 17:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
    PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/17 05:54:18 | 006,158,240 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    PRC - [2008/10/10 01:33:34 | 002,086,912 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    PRC - [2008/10/10 01:32:56 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2008/08/08 03:54:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/07/19 06:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/06/26 00:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
    PRC - [2008/06/24 20:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2008/05/09 21:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2008/05/08 20:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    PRC - [2008/04/29 20:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    PRC - [2008/04/25 04:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    PRC - [2008/04/24 23:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008/04/17 10:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/09 00:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/28 10:07:26 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
    PRC - [2008/02/07 00:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2008/01/18 02:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2008/01/18 02:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2007/11/22 03:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006/10/05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/08/24 02:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/22 20:57:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTL.exe
    MOD - [2009/04/11 17:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/21 13:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Unknown | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2010/08/27 14:14:42 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
    SRV - [2010/08/24 20:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/04/24 02:53:55 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
    SRV - [2010/04/24 02:53:55 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2010/04/24 02:53:55 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/29 05:45:13 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/02/09 17:13:28 | 000,030,504 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe -- (Response Hardware)
    SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/29 11:25:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/10/10 01:32:56 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008/07/19 06:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/04/25 04:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV - [2008/04/17 10:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/17 01:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/02/28 10:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
    SRV - [2008/02/07 00:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/18 02:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/11/22 03:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/10/05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/24 02:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2010/03/29 05:45:13 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/03/29 05:45:13 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/12/15 21:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
    DRV - [2009/12/15 21:46:54 | 000,013,440 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
    DRV - [2009/12/15 21:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
    DRV - [2009/06/10 04:02:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/05/11 02:30:22 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/07/29 13:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/07/19 04:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/07/05 00:33:36 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/06/13 03:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/04/29 02:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2008/04/16 03:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/04/15 19:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/10 03:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/03 03:26:08 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/17 21:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/12/07 03:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/11/10 00:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/11/29 01:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/21 00:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/10/18 21:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.koower.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.koower.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "10.34.1.54"
    FF - prefs.js..network.proxy.http_port: 8084

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/18 22:07:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/14 07:33:54 | 000,000,000 | ---D | M]

    [2010/03/29 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Mozilla\Extensions
    [2010/03/29 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2010/10/21 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Mozilla\Firefox\Profiles\bubfht52.default\extensions
    [2010/04/28 03:32:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UKJAYS2009\AppData\Roaming\Mozilla\Firefox\Profiles\bubfht52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/10/07 00:07:10 | 000,000,000 | ---D | M] (PDFescape Extension) -- C:\Users\UKJAYS2009\AppData\Roaming\Mozilla\Firefox\Profiles\bubfht52.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}
    [2010/10/18 22:04:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\UKJAYS2009\AppData\Roaming\Mozilla\Firefox\Profiles\bubfht52.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/10/19 19:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/03 06:55:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/17 21:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/19 19:42:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/03/28 17:34:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/28 17:34:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/28 17:34:49 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/28 17:34:49 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/10/21 22:19:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Classroom Teacher\NotebookPlugin.dll (SMART Technologies ULC.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (SMART Sync) - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Classroom Teacher\Sync Teacher\SyncIEToolbar.dll (SMART Technologies ULC.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardService.exe (SMART Technologies)
    O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe (SMART Technologies ULC)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
    O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
    O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O15 - HKCU\..Trusted Domains: sch.uk ([portal.st-annes.enfield] https in Trusted sites)
    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.st-annes.enfield.sch.uk/XTSAC.cab (XTSAC Control)
    O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://portal.st-annes.enfield.sch.uk/NELX.cab (NELaunchCtrl Class)
    O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://portal.st-annes.enfield.sch.uk/MLWebCacheCleaner.cab (WebCacheCleaner Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/22 20:57:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTL.exe
    [2010/10/21 22:25:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/21 22:09:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/21 22:09:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/21 22:09:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/21 22:08:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/21 22:07:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/21 22:07:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/21 22:07:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/10/20 22:02:33 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\Malwarebytes
    [2010/10/20 22:02:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/20 22:02:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/20 22:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/20 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/20 22:01:17 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\UKJAYS2009\Desktop\mbam-setup-1.46.exe
    [2010/10/19 19:45:08 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\tdsskiller
    [2010/10/19 19:39:12 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\GooredFix Backups
    [2010/10/19 19:37:31 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\UKJAYS2009\Desktop\GooredFix.exe
    [2010/10/19 19:16:07 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/10/19 19:12:58 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTM.exe
    [2010/10/16 07:20:04 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\Biometry
    [2010/10/05 21:52:42 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Documents\Chief Architect Premier X3 Trial Version Data
    [2010/10/05 21:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Chief Architect Premier X3 Trial Version
    [2010/10/05 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\Chief Architect Premier X3 Trial Version
    [2010/10/05 21:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Chief Architect
    [2010/10/05 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\GetRightToGo
    [2010/09/20 12:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro
    [2010/09/17 18:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2010/09/17 18:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/08/31 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Documents\My Notebook Content
    [2010/08/31 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\.smarttech-webinterface
    [2010/08/31 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Local\SMART Technologies Inc
    [2010/08/31 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Documents\LabVIEW Data
    [2010/08/31 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Documents\SMART Notebook
    [2010/08/31 18:01:43 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Local\SMART Technologies
    [2010/08/26 12:03:27 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Documents\SMART Technologies
    [2010/08/23 22:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
    [2010/08/23 22:00:04 | 000,033,064 | ---- | C] (SMART Technologies ULC) -- C:\Windows\System32\smrtlocalmon.dll
    [2010/08/23 22:00:04 | 000,023,848 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\System32\smrtlocalui.dll
    [2010/08/23 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\SMART Technologies
    [2010/08/23 18:26:05 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\PAC
    [2010/08/23 18:25:44 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\SMART
    [2010/08/23 18:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
    [2010/08/23 18:21:09 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\SMART Technologies Inc
    [2010/08/23 18:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
    [2010/08/23 18:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
    [2010/08/23 18:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
    [2010/08/23 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Local\Downloaded Installations
    [2010/08/23 09:56:56 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\.sslvpn
    [2010/08/22 15:02:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/08/18 21:51:50 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\EQ6
    [2010/08/13 18:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/08/13 18:49:32 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Office Genuine Advantage
    [2010/08/08 15:46:15 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Documents\My EQ6
    [2010/08/08 15:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Electric Quilt Company
    [2010/08/08 00:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/29 12:00:24 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\Desktop\House
    [2010/07/26 22:43:53 | 000,000,000 | ---D | C] -- C:\Users\UKJAYS2009\AppData\Roaming\HpUpdate
    [2010/07/26 22:43:52 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2007/11/29 11:19:08 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
    [2007/11/29 11:16:04 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
    [2007/11/29 11:13:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
    [2007/11/29 11:13:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
    [2007/11/29 11:13:22 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
    [2007/11/29 11:12:26 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
    [2007/11/29 11:12:08 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
    [2007/11/29 11:11:48 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
    [2007/11/29 11:10:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
    [2007/11/29 11:09:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/22 20:57:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTL.exe
    [2010/10/22 20:55:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/22 20:55:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/22 20:55:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/21 22:19:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/21 22:01:54 | 003,882,134 | R--- | M] () -- C:\Users\UKJAYS2009\Desktop\ComboFix.exe
    [2010/10/21 10:09:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/21 10:09:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/20 22:29:49 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/20 22:29:49 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/20 22:23:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/10/20 22:02:26 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/20 21:56:54 | 000,080,384 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\MBRCheck.exe
    [2010/10/20 21:54:48 | 000,294,912 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\ft9cq8zj.exe
    [2010/10/20 21:52:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\UKJAYS2009\Desktop\mbam-setup-1.46.exe
    [2010/10/19 19:43:31 | 001,211,285 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\tdsskiller.zip
    [2010/10/19 19:37:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\UKJAYS2009\Desktop\GooredFix.exe
    [2010/10/19 19:13:00 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTM.exe
    [2010/10/19 18:41:56 | 000,544,768 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\dds.scr
    [2010/10/18 08:29:49 | 000,010,166 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\Bathrooms.docx
    [2010/10/17 10:02:20 | 000,021,847 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\CathyStats.xlsx
    [2010/10/17 09:32:33 | 000,000,165 | -H-- | M] () -- C:\Users\UKJAYS2009\Desktop\~$CathyStats.xlsx
    [2010/10/15 21:29:18 | 000,028,672 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\MineToRead.docx
    [2010/10/15 09:53:48 | 000,569,776 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\CXC FP Risk Profile.pdf
    [2010/10/14 07:33:54 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/11 07:23:45 | 002,277,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/06 09:01:22 | 000,025,716 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\EliottEssayComments.docx
    [2010/10/05 23:12:23 | 000,119,242 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\CHIEF ARCHITECT.docx
    [2010/10/05 21:52:05 | 000,002,303 | ---- | M] () -- C:\Users\Public\Desktop\Chief Architect Premier X3 Trial Version.lnk
    [2010/09/26 09:49:24 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/09/17 18:40:29 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/09/12 22:30:31 | 000,016,833 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\49 Farm Jobs.docx
    [2010/08/31 13:52:52 | 000,107,008 | ---- | M] () -- C:\Users\UKJAYS2009\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/26 16:08:57 | 001,252,352 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\8K Light PACYr9.ppt
    [2010/08/23 18:25:14 | 000,010,133 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\Go forth into the world in peace.docx
    [2010/08/23 18:21:02 | 000,002,134 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
    [2010/08/23 18:21:02 | 000,002,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Menu.lnk
    [2010/08/23 16:46:30 | 000,060,434 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\PAC Seating.pptm
    [2010/08/22 15:01:54 | 252,823,987 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/08/17 20:54:12 | 000,049,031 | ---- | M] () -- C:\Users\UKJAYS2009\Documents\Earth Movements.pptx
    [2010/08/08 16:01:23 | 000,003,120 | ---- | M] () -- C:\Windows\CQ8A6DDJ.ocx
    [2010/08/08 15:50:36 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\EQ6.lnk
    [2010/08/05 11:55:06 | 000,000,162 | -H-- | M] () -- C:\Users\UKJAYS2009\Desktop\~$ble runners.docx
    [2010/07/29 18:55:10 | 000,130,357 | ---- | M] () -- C:\Windows\hpoins18.dat
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/21 22:09:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/21 22:09:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/21 22:09:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/21 22:09:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/21 22:09:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/21 22:00:37 | 003,882,134 | R--- | C] () -- C:\Users\UKJAYS2009\Desktop\ComboFix.exe
    [2010/10/21 06:12:14 | 000,080,384 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\MBRCheck.exe
    [2010/10/20 22:39:37 | 000,294,912 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\ft9cq8zj.exe
    [2010/10/20 22:02:26 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/19 19:43:30 | 001,211,285 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\tdsskiller.zip
    [2010/10/19 18:42:16 | 000,544,768 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\dds.scr
    [2010/10/18 08:29:47 | 000,010,166 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\Bathrooms.docx
    [2010/10/17 09:32:33 | 000,000,165 | -H-- | C] () -- C:\Users\UKJAYS2009\Desktop\~$CathyStats.xlsx
    [2010/10/15 09:53:48 | 000,569,776 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\CXC FP Risk Profile.pdf
    [2010/10/14 07:33:54 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/12 18:17:54 | 000,021,847 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\CathyStats.xlsx
    [2010/10/06 07:37:22 | 000,025,716 | ---- | C] () -- C:\Users\UKJAYS2009\Desktop\EliottEssayComments.docx
    [2010/10/05 23:12:22 | 000,119,242 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\CHIEF ARCHITECT.docx
    [2010/10/05 21:52:05 | 000,002,303 | ---- | C] () -- C:\Users\Public\Desktop\Chief Architect Premier X3 Trial Version.lnk
    [2010/09/26 09:49:24 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/09/17 18:40:29 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/09/08 15:22:04 | 000,016,833 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\49 Farm Jobs.docx
    [2010/08/26 16:08:56 | 001,252,352 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\8K Light PACYr9.ppt
    [2010/08/23 18:25:13 | 000,010,133 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\Go forth into the world in peace.docx
    [2010/08/23 18:21:02 | 000,002,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
    [2010/08/23 18:21:02 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Menu.lnk
    [2010/08/23 16:46:29 | 000,060,434 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\PAC Seating.pptm
    [2010/08/22 15:01:54 | 252,823,987 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/08/17 13:38:54 | 000,049,031 | ---- | C] () -- C:\Users\UKJAYS2009\Documents\Earth Movements.pptx
    [2010/08/08 16:01:23 | 000,003,120 | ---- | C] () -- C:\Windows\CQ8A6DDJ.ocx
    [2010/08/08 15:50:36 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\EQ6.lnk
    [2010/08/05 11:55:06 | 000,000,162 | -H-- | C] () -- C:\Users\UKJAYS2009\Desktop\~$ble runners.docx
    [2010/07/29 18:52:25 | 000,130,898 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
    [2010/07/29 18:52:25 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
    [2010/03/02 03:40:27 | 000,001,473 | ---- | C] () -- C:\Windows\exampro32.ini
    [2010/03/02 03:40:26 | 000,536,576 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2010/03/02 03:40:26 | 000,000,478 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2010/01/09 03:47:11 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
    [2010/01/05 14:40:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/01/05 14:40:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/12/27 14:29:24 | 000,004,112 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/10/21 06:01:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/05/21 01:31:47 | 000,080,012 | ---- | C] () -- C:\Windows\leister.dll
    [2009/05/11 03:20:11 | 000,107,008 | ---- | C] () -- C:\Users\UKJAYS2009\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/11 02:06:31 | 000,000,000 | ---- | C] () -- C:\Users\UKJAYS2009\AppData\Roaming\wklnhst.dat
    [2009/05/11 02:03:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/05/11 00:55:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009/05/11 00:55:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009/05/11 00:55:23 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009/05/11 00:55:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/09/23 00:21:34 | 000,127,092 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2008/08/21 02:45:46 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
    [2008/08/08 03:37:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/08/08 03:37:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/08/08 03:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/08/08 03:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/08/08 03:37:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/08/08 03:37:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/08/08 03:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/08/08 03:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2008/08/08 02:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/04/25 04:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/04/25 04:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/04/25 04:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/04/25 04:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/04/25 04:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/04/25 04:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2008/02/15 16:52:12 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
    [2008/02/08 08:13:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
    [2007/11/29 05:51:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
    [2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2004/12/09 00:09:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\tosdbt.sys
    [2004/03/23 17:49:48 | 000,131,072 | ---- | C] () -- C:\Windows\System32\sfarkxt.dll
    [2004/03/23 17:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\System32\SFARKL.DLL
    [2003/07/31 13:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\TosHidAPI.dll
    [2003/03/21 23:38:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtacc.dll
    [2003/02/28 19:48:40 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TBTMonUI.dll
    [2002/12/14 23:16:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\tosbthcrpapi.dll
    [2002/06/06 15:58:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommApi.dll
     
  10. 2010/10/22
    jaygeoff, Inactive, Thread Starter
    Part 2 of OTL.txt

    ========== LOP Check ==========

    [2010/08/31 18:02:38 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\.smarttech-webinterface
    [2009/09/08 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
    [2009/11/14 07:50:19 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/10/05 22:10:29 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Chief Architect Premier X3 Trial Version
    [2010/10/05 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\GetRightToGo
    [2010/07/30 12:50:30 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Image Zone Express
    [2009/05/21 19:48:27 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Lexmark Productivity Studio
    [2009/05/17 03:46:27 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\myphotobook
    [2009/09/02 07:24:37 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\NetLibCache
    [2010/07/22 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Printer Info Cache
    [2010/08/31 18:02:33 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\SMART Technologies
    [2010/08/23 18:21:09 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\SMART Technologies Inc
    [2009/05/11 02:06:45 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Template
    [2010/03/29 00:49:27 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\TomTom
    [2009/05/11 01:41:08 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Toshiba
    [2009/09/19 07:30:52 | 000,000,000 | ---D | M] -- C:\Users\UKJAYS2009\AppData\Roaming\Vodafone
    [2010/10/20 22:23:07 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < Download OTL to your Desktop. >

    < >

    < * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. >

    < * Under the Custom Scan box paste this in: >

    < >

    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 17:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/08/08 01:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/10/21 22:25:20 | 000,013,167 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 08:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/02/01 19:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
    [2010/03/02 03:37:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/02 03:37:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/03/01 02:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
    [2010/10/20 22:23:51 | 3396,595,712 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/11 00:51:26 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
    [2008/11/12 03:07:57 | 000,000,176 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2010/10/19 19:47:08 | 000,061,366 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_19.10.2010_19.45.43_log.txt
    [2010/10/19 20:02:38 | 000,059,726 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_19.10.2010_20.02.12_log.txt
    [2010/10/19 20:24:32 | 000,059,726 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_19.10.2010_20.24.04_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 23:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 23:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 23:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/25 17:51:45 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 08:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/02/02 22:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
    [2006/11/02 23:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2008/02/27 22:05:40 | 000,115,200 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxdndrpp.dll
    [2006/10/27 05:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 13:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 14:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 14:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 14:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 21:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 21:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/25 20:44:38 | 000,000,574 | -HS- | M] () -- C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/21 22:01:54 | 003,882,134 | R--- | M] () -- C:\Users\UKJAYS2009\Desktop\ComboFix.exe
    [2010/10/20 21:54:48 | 000,294,912 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\ft9cq8zj.exe
    [2010/10/19 19:37:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\UKJAYS2009\Desktop\GooredFix.exe
    [2010/10/20 21:52:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\UKJAYS2009\Desktop\mbam-setup-1.46.exe
    [2010/10/20 21:56:54 | 000,080,384 | ---- | M] () -- C:\Users\UKJAYS2009\Desktop\MBRCheck.exe
    [2010/10/22 20:57:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTL.exe
    [2010/10/19 19:13:00 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\UKJAYS2009\Desktop\OTM.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/11 01:34:52 | 000,000,402 | -HS- | M] () -- C:\Users\UKJAYS2009\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/21 02:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
    [2008/09/23 00:21:34 | 000,127,092 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2010/10/18 22:11:55 | 000,004,112 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. 2010/10/22
    jaygeoff

    Extras.txt

    OTL Extras logfile created on: 22/10/2010 21:01:13 - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\UKJAYS2009\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.29 Gb Total Space | 30.52 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
    Drive E: | 115.13 Gb Total Space | 109.87 Gb Free Space | 95.43% Space Free | Partition Type: NTFS

    Computer Name: UKJAYS2009-PC | User Name: UKJAYS2009 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3BA339DC-920A-48D6-9A05-818E578FFB5C}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3D5AC9FF-8B83-4939-B2DE-9A1484AF5F9D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4893629B-9BAB-4E00-8DFB-ED0FADBE71CE}" = lport=445 | protocol=6 | dir=in | app=system |
    "{72E19F49-602D-46AB-B940-08688104BB7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{760D5977-B7AC-4EF3-A50F-BCC8D12275EA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9E92B8E7-7799-4473-BC7A-1BAEC584935E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D4E2C1CE-CFF6-455C-A05E-BAB69CC3ED70}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DF902A74-8B78-41DA-B4E5-634E710DCE29}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EA68D3BB-7400-4C53-AA95-E2A80970EA36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FF81ACE0-90FF-4075-B543-D3A819A3E8C6}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F2A6DA4-B2AD-4AE3-91CD-0FE298412A8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1364173B-9E6A-4349-A63E-3A13EA4B35A7}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\responsesoftwareservice.exe |
    "{170B84ED-188C-4B32-981C-908E09DFF109}" = protocol=6 | dir=in | app=c:\program files\electric quilt company\eq6\eq6.exe |
    "{174E57DF-9AD2-42D1-B47F-8A85EEA12956}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucgui.exe |
    "{1F640FD1-13AC-4147-BF0A-695745351FCE}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
    "{36C46026-D7D4-47D0-86E0-94FC0399C628}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4F15336C-4D66-4B75-8867-14A8C93F46FD}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucgui.exe |
    "{56CB85F6-E47D-4504-AD2C-786F0834D6FF}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\sync teacher\smartsyncteacher.exe |
    "{59F8FF1E-5A3C-46A2-B2B2-BAF8622EBE2B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\sync teacher\smartsyncteacher.exe |
    "{5A216822-3E24-4AF2-92FB-B53BD2B25AA8}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe |
    "{63A96625-8681-428D-91B9-C36260D14769}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucservice.exe |
    "{6A82E075-D6B6-47E2-B1C0-92A99E7D4895}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe |
    "{6B11FC46-1EED-4DF6-8A83-FE485CC73D5D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6E571374-D3CB-4AB6-A1B2-1F80F808276E}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
    "{70CAD57F-161A-4192-85AC-6B72C927A0BC}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{7C30C5E9-E719-4508-8A8A-27AE02CEBE5D}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\webserver.exe |
    "{7DE3D1D6-5CC6-4FD1-AEA2-D53F31A9F05E}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\webserver.exe |
    "{8B97AD3F-7790-4D41-8615-BBBD3A185D41}" = protocol=17 | dir=in | app=c:\program files\electric quilt company\eq6\eq6.exe |
    "{929998DF-4CDD-413F-89AF-CA950B802C2B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\responsesoftwareservice.exe |
    "{9DF50AAB-CAD1-4460-8796-CEE01F495DB4}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucservice.exe |
    "{A1E22C51-9625-41F6-97D2-0CF5E52E3131}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
    "{AE68A3D5-03E8-417D-AA58-48C74CACE8F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B4787434-D2DF-4083-8E60-9BFEF8AD6E05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C081985D-B1F2-4320-915B-8F4026B117B0}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{C3B30944-9645-4525-B266-ACFB0ADCA6C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C58CD6C9-896E-4D27-AA22-AD5008935766}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E7740E12-BE23-48CC-BEA9-92CD106B391C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{EF08155F-B322-4934-BD64-B6D016E9743B}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{F04D4911-9391-47CF-84ED-24E821C31FA8}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
    "TCP Query User{28E49E89-F7A0-4E41-84DE-48BDD53FCA86}C:\program files\smart technologies\classroom teacher\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe |
    "TCP Query User{53B3C99B-D439-4EA6-B666-3D993F035E94}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{7F8156F9-3A7E-4825-BD35-B27145CBA800}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
    "TCP Query User{D94AC481-8ED4-4563-807B-B14F501D5FEF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{E74E72A5-7F13-4384-81A8-715DAD8B6641}C:\program files\lexmark 2600 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
    "TCP Query User{EA5C65CF-E987-4607-A40D-519BFAEB4096}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
    "UDP Query User{385F5F90-3C18-4530-A3C8-B8893C150143}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
    "UDP Query User{487E97BA-C85F-42B5-B641-A7A4CBFCDCBE}C:\program files\smart technologies\classroom teacher\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe |
    "UDP Query User{661A73A0-B26E-4B65-BE5F-D077975864F9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{771DA329-4DD3-441B-8901-DDBA2815ECD5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{929FF01E-3F53-4D97-9182-35B92F1FA4E7}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
    "UDP Query User{FB350ECA-B177-429A-AAE2-5009BCDDF5F1}C:\program files\lexmark 2600 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
    "{12149783-577C-4520-B582-4241A934A8E7}" = e-Science
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}" = Toshiba TEMPRO
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{327642CE-0F09-4C51-A20D-46CF41E5B2CA}" = Adobe FrameMaker Dependencies Driver
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{66CF8BBF-6B75-45B6-BD29-748CBB9B9268}" = SMART Classroom Suite Teacher
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6BF6F138-FFFE-4588-824B-81AA3341C467}" = Adobe Setup
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F5B47A9-FE5A-4f3b-AD78-33F048B46749}" = c7100_Help
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E3800D9-93D8-4941-A9DF-3C3C6FBD1508}" = Adobe Setup
    "{9E8A81B2-3A58-4A44-B8B6-292A55799344}" = Adobe FrameMaker CSTI Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B278515E-8466-4E07-B365-E654536F1273}" = Adobe FrameMaker 9
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B96C6380-4CF7-445F-8169-A82D39DE2CD8}" = Multimedia Science School
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Technika
    "{D7365E26-4ECB-4373-BECE-C7C15B9CFDB6}" = C7100
    "{D7B96D96-D9F4-40B7-B913-3D50BDD87C6F}" = Suite Shared Configuration CS4
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F257EEBD-E4A2-42A1-8677-A88E15D42890}" = Chief Architect Premier X3 Trial Version
    "{F4DC4269-C09A-4922-92F0-9DFC73B48799}" = Science Foundation Presents Physics 2
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Able2Extract v6.0" = Able2Extract v6.0
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe FrameMaker 9" = Adobe FrameMaker 9
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_20bf574378bb08d3099e85cddaea227" = Adobe FrameMaker Dependencies Driver
    "Adobe_644fbe48c57332e6119b31672240508" = Adobe FrameMaker CSTI Driver
    "Amazing Slow Downer EE" = Amazing Slow Downer (remove only)
    "Avira AntiVir Desktop" = Avira AntiVir Premium
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Exampro AG_ADSCD" = Exampro AQA GCSE Additional Science Demo
    "Exampro AG_BIO" = Exampro AQA GCSE Biology
    "Exampro AG_CHEM" = Exampro AQA GCSE Chemistry
    "Exampro AG_PHYS" = Exampro AQA GCSE Physics
    "Exampro AG_SAMD" = Exampro AQA GCSE Science A Demo
    "Exampro AG_SCI1D" = Exampro AQA GCSE Science B Demo
    "Graboid Video" = Graboid Video 1.71e
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{12149783-577C-4520-B582-4241A934A8E7}" = e-Science
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "myphotobook" = myphotobook 3.6
    "OUP Year 7 Framework Science" = OUP Year 7 Framework Science
    "OUP Year 8 Framework Science" = OUP Year 8 Framework Science
    "Picasa 3" = Picasa 3
    "QuickTime" = QuickTime
    "Shockwave" = Shockwave
    "SmartMusic Content" = SmartMusic Content (shared music files)
    "SmartMusic for Essential Elements 2000 Band Book 1 Student Edition" = SmartMusic for Essential Elements 2000 Band Book 1 Student Edition
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "VLC media player" = VLC media player 0.9.8a
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 15/05/2010 01:53:00 | Computer Name = UKJAYS2009-PC | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 15/05/2010 01:54:10 | Computer Name = UKJAYS2009-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 15/05/2010 04:19:07 | Computer Name = UKJAYS2009-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000,
    time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
    exception code 0xc0000005, fault offset 0x004500f7, process id 0xd60, application
    start time 0x01caf3f2e70b2316.

    Error - 15/05/2010 07:07:25 | Computer Name = UKJAYS2009-PC | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 15/05/2010 07:08:02 | Computer Name = UKJAYS2009-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 15/05/2010 07:15:05 | Computer Name = UKJAYS2009-PC | Source = Google Update | ID = 20
    Description =

    Error - 15/05/2010 23:11:12 | Computer Name = UKJAYS2009-PC | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 15/05/2010 23:12:23 | Computer Name = UKJAYS2009-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 16/05/2010 15:00:50 | Computer Name = UKJAYS2009-PC | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 16/05/2010 15:02:04 | Computer Name = UKJAYS2009-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 31/12/2009 16:43:30 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 31/12/2009 16:44:20 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 06/01/2010 21:51:22 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 06/01/2010 21:52:55 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 06/01/2010 21:54:51 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 39 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 26/07/2010 20:28:40 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 60 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 27/07/2010 06:37:27 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20998
    seconds with 660 seconds of active time. This session ended with a crash.

    Error - 23/08/2010 21:27:21 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 80 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 25/08/2010 21:08:42 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 30/08/2010 18:04:20 | Computer Name = UKJAYS2009-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 86 seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 19/10/2010 04:51:20 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 19/10/2010 05:21:13 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 19/10/2010 05:22:52 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 20/10/2010 07:17:45 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 20/10/2010 07:19:27 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 20/10/2010 07:25:39 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 20/10/2010 07:27:21 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 21/10/2010 07:00:34 | Computer Name = UKJAYS2009-PC | Source = bowser | ID = 8003
    Description =

    Error - 21/10/2010 07:12:12 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 21/10/2010 07:19:15 | Computer Name = UKJAYS2009-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  12. 2010/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
      O4 - HKLM..\Run: [NDSTray.exe] File not found
      O4 - Startup: C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
      O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
      O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [2010/08/08 16:01:23 | 000,003,120 | ---- | C] () -- C:\Windows\CQ8A6DDJ.ocx
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  13. 2010/10/23
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    OTL results

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
    C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\ProgramData\SPL9065.tmp deleted successfully.
    C:\ProgramData\SPLC0EC.tmp deleted successfully.
    C:\Windows\CQ8A6DDJ.ocx moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    -> No Temporary Internet Files cache folder defined!

    User: Default
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!

    User: UKJAYS2009
    ->Temp folder emptied: 4328549 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 76342613 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1257 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 570582 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UKJAYS2009
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.16.0 log created on 10232010_231509

    Files\Folders moved on Reboot...
    File\Folder C:\Users\UKJAYS2009\AppData\Local\Temp\WER4943.tmp.hdmp not found!

    Registry entries deleted on Reboot...


    Thanks for your help once again. I did not realise that there would be so much to do :eek:
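    The fix script in the previous post and the result log above are two halves of one check: did every item the script named actually get deleted or moved? As an added example (not part of the thread or of OldTimer's OTL), this Python reconciles the :OTL section of the script against the log and lists anything that did not come back as actioned; the sample text is trimmed from the two posts.

```python
"""Reconcile an OTL ':OTL' fix script against the log OTL writes after 'Run Fix'.
Added example for this thread (not part of it or of OldTimer's OTL): every item the
helper asked OTL to remove should come back as deleted or moved. SCRIPT and LOG are trimmed from the posts above."""
import re
from fnmatch import fnmatch

SCRIPT = r"""
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - Startup: C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2010/08/08 16:01:23 | 000,003,120 | ---- | C] () -- C:\Windows\CQ8A6DDJ.ocx
:Commands
"""

LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
C:\Users\UKJAYS2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
C:\ProgramData\SPL9065.tmp deleted successfully.
C:\ProgramData\SPLC0EC.tmp deleted successfully.
C:\Windows\CQ8A6DDJ.ocx moved successfully.
========== COMMANDS ==========
"""

# Ordered extractors: the first that matches yields the identifier OTL echoes back.
EXTRACTORS = [
    (re.compile(r"\[\d+ .+? files -> (.+?) -> \]"), "glob"),             # wildcard deletes
    (re.compile(r"(\{[0-9A-Fa-f-]{36}\})"), "text"),                     # O3/O9/O28 CLSIDs
    (re.compile(r"O4 - HK\w+\.\.\\Run: \[(.+?)\]"), "text"),              # Run value name
    (re.compile(r"([A-Za-z]:\\[^\[\]|=]*?)(?=\s+=\s|\s+File not found|\s*$)"), "text"),
]
RESULT_RE = re.compile(r"^(?:Registry (?:key|value) )?(?P<obj>.+?) "
                       r"(?P<status>deleted successfully|moved successfully|not found)\.?$")


def script_keys(script):
    keys, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):                 # section header (:OTL, :Commands, ...)
            in_otl = line.upper() == ":OTL"
            continue
        if in_otl and line:
            kind, key = "text", line             # fall back to matching the whole line
            for rx, k in EXTRACTORS:
                if m := rx.search(line):
                    kind, key = k, m.group(1)
                    break
            keys.append((line, kind, key))
    return keys


def reconcile(script, log):
    """Pair each :OTL line with the log entry that actioned it (None if absent); entries
    are consumed once, so the two identical '*.tmp' lines pair with distinct files."""
    pool = [m["obj"] for m in (RESULT_RE.match(ln.strip()) for ln in log.splitlines())
            if m and m["status"].endswith("successfully")]
    report = []
    for line, kind, key in script_keys(script):
        hit = next((obj for obj in pool
                    if (fnmatch(obj.lower(), key.lower()) if kind == "glob"
                        else key.lower() in obj.lower())), None)
        if hit is not None:
            pool.remove(hit)
        report.append((line, hit))
    return report


def unactioned(script, log):
    """Script lines that never came back as deleted or moved: re-run or investigate."""
    return [line for line, hit in reconcile(script, log) if hit is None]
```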
     
  14. 2010/10/23
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    Security Check results

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Premium
    McAfee Security Scan Plus
    Exampro AQA GCSE Biology
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    TOSHIBA Toshiba Online Product Information TOPI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  15. 2010/10/23
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    Temp File Cleaner

    :confused:
    Hmm, this is weird.

    When I click on the Temp File Cleaner URL Avira gives me the following page

    Warning
    In order not to compromise your security, this page will not be accessed

    The requested URL was identified as a potentially harmful website.
    Further information as to why this page was blocked can be found here. A description of how you can unlock for this page you can find here.
    Requested URL: http://oldtimer.geekstogo.com/TFC.exe
    Category/categories:
    Malware
    Generated by AntiVir WebGuard 10.0.17.0

    Is it really malware? I can unlock the website in Avira to download it, but is it safe?
    I know it probably is, since it came from you, but you can understand my nervousness at present!!!!!
     
  16. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I understand :)
    Disregard the Avira warning.
     
  17. 2010/10/23
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    ESET online scanner

    No threats found.:)
     
  18. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. 2010/10/24
    jaygeoff

    jaygeoff Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    11
    Likes Received:
    0
    OTL results

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    -> No Temporary Internet Files cache folder defined!

    User: Default
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!

    User: UKJAYS2009
    ->Temp folder emptied: 58468 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 62394926 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1714 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3009804 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 62.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UKJAYS2009
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Thanks for all your help
     
  20. 2010/10/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
