Spybot unable to remove malware for redirects



JackFlash68
2010-11-06, 13:05
Here is my DDS log. I keep getting redirected from Google. Spybot identified the problem, but I get the error message. I've zipped the Attach file. The Spybot results are there too, but show that I didn't do a full scan. Ignore this as all the problems are there.

Anyway, thanks in advance for your help. Let me know if you need any more info.

DDS (Ver_10-11-05.01) - NTFS_AMD64
Run by Graeme Dare at 10:45:33.01 on 06/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3003.1548 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Adblock Pro\abpmain.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Graeme Dare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZCPI7T\dds[1].scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - C:\Program Files (x86)\alot\bin\alot.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-10-27 233488]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-19 89600]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-7 227896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-6 1153368]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-3 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-11-06 09:54:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-06 09:54:48 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-06 09:45:31 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F6A2B318-4082-422F-B44F-7379773BCA76}\mpengine.dll
2010-11-05 18:27:14 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-11-05 18:27:11 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-11-05 18:26:48 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-03 21:19:39 -------- d-----w- C:\Program Files (x86)\Adblock Pro
2010-11-01 20:20:07 -------- d-----w- C:\Users\GRAEME~1\AppData\Local\WinZip
2010-10-31 11:29:53 -------- d-----w- C:\Users\GRAEME~1\AppData\Roaming\Chessmaster Challenge
2010-10-30 02:46:55 -------- d-----w- C:\Users\GRAEME~1\AppData\Local\CrashDumps
2010-10-30 01:50:46 -------- d-----w- C:\Users\GRAEME~1\AppData\Local\Microsoft Games
2010-10-27 20:51:53 -------- d-----w- C:\Users\GRAEME~1\AppData\Roaming\WildTangent
2010-10-27 19:01:17 -------- d-----w- C:\Users\GRAEME~1\AppData\Roaming\Malwarebytes
2010-10-27 19:01:07 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-27 19:01:06 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-27 19:01:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-27 19:01:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-27 18:56:16 -------- d-----w- C:\Users\GRAEME~1\AppData\Local\Adobe
2010-10-27 18:45:42 -------- d-----w- C:\PROGRA~3\LightScribe
2010-10-27 18:45:25 -------- d-----w- C:\Program Files (x86)\alot
2010-10-27 18:27:58 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-10-27 18:27:58 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-10-27 18:27:53 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-10-27 18:27:44 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-10-27 18:27:02 -------- d-----w- C:\Users\GRAEME~1\AppData\Roaming\PC Tools
2010-10-27 18:27:02 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-10-27 18:27:02 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-10-27 18:27:02 -------- d-----w- C:\PROGRA~3\PC Tools
2010-10-27 17:58:47 -------- d-----w- C:\Program Files (x86)\CAM Development
2010-10-27 17:43:15 -------- d-sh--w- C:\Users\GRAEME~1\AppData\Roaming\Smart Engine
2010-10-27 17:43:15 -------- d-sh--w- C:\PROGRA~3\SMMFDNSYSSE
2010-10-27 17:42:57 -------- d-sh--w- C:\PROGRA~3\2656f0
2010-10-27 12:08:29 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 12:08:29 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 12:08:28 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 12:08:27 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 12:08:27 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 12:08:27 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 12:08:27 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 12:08:05 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-25 11:14:22 -------- d-----w- C:\Users\GRAEME~1\AppData\Roaming\Philipp Winterberg
2010-10-25 11:14:21 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-10-25 11:14:09 -------- d-----w- C:\Program Files (x86)\RarZilla Free Unrar
2010-10-23 07:51:18 -------- d-----w- C:\Windows\en
2010-10-23 07:46:05 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-23 07:46:05 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-23 07:46:03 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-23 07:46:03 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-10-23 07:45:39 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\475281ee1cb728611\InstallManager_WLE_WLE.exe
2010-10-23 07:45:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4514d64c1cb728610\DSETUP.dll
2010-10-23 07:45:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4514d64c1cb728610\DXSETUP.exe
2010-10-23 07:45:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4514d64c1cb728610\dsetup32.dll
2010-10-23 07:45:31 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\432356b31cb72860f\DXSETUP.exe
2010-10-23 07:45:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\432356b31cb72860f\dsetup32.dll
2010-10-23 07:45:30 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\432356b31cb72860f\DSETUP.dll
2010-10-23 07:44:33 -------- d-----w- C:\Users\GRAEME~1\AppData\Local\Windows Live
2010-10-23 07:43:37 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-23 07:43:36 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-23 07:43:36 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-23 07:43:36 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-23 07:43:36 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-23 07:43:35 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-23 07:43:34 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-09 00:22:28 -------- d-----w- C:\Users\GRAEME~1\AppData\Local\Diagnostics

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 03:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 10:46:42.95 ===============

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

User abort!: Scan was not completed successfully. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2010-11-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-03 Includes\Hijackers.sbi (*)
2010-11-03 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-11-02 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-11-02 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Any help would be very much appreciated. This thing is really getting on my wick!!

Blade81
2010-11-20, 11:28
Hi,

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Copy and paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

JackFlash68
2010-11-20, 20:58
Thanks for the reply. Here's the OTL text.....

OTL logfile created on: 11/20/2010 6:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Graeme Dare\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.42 Gb Total Space | 231.23 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 2.09 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: GRAEMEDARE-PC | User Name: Graeme Dare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Graeme Dare\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Adblock Pro\abpmain.exe (Adblock Pro Team)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Graeme Dare\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RapportLaunService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe (Trusteer Ltd.)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys File not found
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportKE64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys (Trusteer Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/10/27 18:14:00 | 000,002,810 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.75.207.106 www.google.com
O1 - Hosts: 94.75.207.106 google.com
O1 - Hosts: 94.75.207.106 google.com.au
O1 - Hosts: 94.75.207.106 www.google.com.au
O1 - Hosts: 94.75.207.106 google.be
O1 - Hosts: 94.75.207.106 www.google.be
O1 - Hosts: 94.75.207.106 google.com.br
O1 - Hosts: 94.75.207.106 www.google.com.br
O1 - Hosts: 94.75.207.106 google.ca
O1 - Hosts: 94.75.207.106 www.google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adblock Pro) - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html ()
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O9 - Extra 'Tools' menuitem : Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 18:50:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Graeme Dare\Desktop\OTL.exe
[2010/11/09 22:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\378C
[2010/11/09 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\Documents\My Received Files
[2010/11/09 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\Documents\BearShare
[2010/11/09 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\BearShare
[2010/11/09 22:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2010/11/09 22:54:36 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\PackageAware
[2010/11/06 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Windows Live Writer
[2010/11/06 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Windows Live Writer
[2010/11/06 09:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/06 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/05 18:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/05 18:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/03 21:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adblock Pro
[2010/11/01 20:20:07 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\WinZip
[2010/11/01 20:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/01 20:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/10/31 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Chessmaster Challenge
[2010/10/30 02:46:55 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\CrashDumps
[2010/10/30 01:50:46 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Microsoft Games
[2010/10/27 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\WildTangent
[2010/10/27 19:01:17 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Malwarebytes
[2010/10/27 19:01:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/27 19:01:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/27 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/27 19:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/27 18:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/27 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Adobe
[2010/10/27 18:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/10/27 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/27 18:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alot
[2010/10/27 18:27:58 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/10/27 18:27:58 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/10/27 18:27:53 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/10/27 18:27:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\PC Tools
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/10/27 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\Documents\My Google Gadgets
[2010/10/27 17:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAM Development
[2010/10/27 17:43:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMMFDNSYSSE
[2010/10/27 17:43:15 | 000,000,000 | -HSD | C] -- C:\Users\Graeme Dare\AppData\Roaming\Smart Engine
[2010/10/27 17:42:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\2656f0
[2010/10/27 12:08:29 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 12:08:29 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 12:08:28 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 12:08:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 12:08:27 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 12:08:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 12:08:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 12:08:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/25 11:14:22 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Philipp Winterberg
[2010/10/25 11:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RarZilla Free Unrar
[2010/10/23 07:51:18 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/23 07:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/23 07:46:05 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/23 07:46:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/23 07:46:03 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/23 07:46:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/10/23 07:44:33 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Windows Live
[2010/10/23 07:43:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/23 07:43:36 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/23 07:43:36 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/23 07:43:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/23 07:43:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/23 07:43:35 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/23 07:43:34 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/21 21:02:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/21 21:01:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/21 21:01:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/21 21:01:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 30 Days ==========

[2010/11/20 18:52:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 18:52:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 18:50:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme Dare\Desktop\OTL.exe
[2010/11/20 18:45:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/20 18:45:24 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 10:57:16 | 000,003,126 | ---- | M] () -- C:\Users\Graeme Dare\Desktop\Attach.zip
[2010/11/06 09:55:09 | 000,001,286 | ---- | M] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/06 09:55:09 | 000,001,262 | ---- | M] () -- C:\Users\Graeme Dare\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 18:30:33 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/05 18:27:13 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/03 21:19:41 | 000,001,035 | ---- | M] () -- C:\Users\Graeme Dare\Desktop\Adblock Pro.lnk
[2010/11/01 20:19:59 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/10/31 21:33:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/31 21:33:25 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/31 21:33:25 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/31 11:28:19 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Play Chessmaster Challenge.lnk
[2010/10/27 19:01:10 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:56:42 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011208.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011207.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011206.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011205.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011204.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011203.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011201.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011135.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011134.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011133.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011132.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011131.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011130.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011129.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011127.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011111.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011110.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011109.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011108.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011107.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011104.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011045.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011041.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-010527.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101110-132126.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101110-132125.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101110-132118.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103928.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103927.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103049.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103040.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/27 18:13:50 | 000,001,636 | ---- | M] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/10/25 11:14:12 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk

========== Files Created - No Company Name ==========

[2010/11/06 10:57:16 | 000,003,126 | ---- | C] () -- C:\Users\Graeme Dare\Desktop\Attach.zip
[2010/11/06 09:55:09 | 000,001,286 | ---- | C] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/06 09:55:09 | 000,001,262 | ---- | C] () -- C:\Users\Graeme Dare\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 18:27:14 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/05 18:27:13 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/03 21:19:41 | 000,001,035 | ---- | C] () -- C:\Users\Graeme Dare\Desktop\Adblock Pro.lnk
[2010/11/01 20:19:59 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/10/31 11:28:19 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Play Chessmaster Challenge.lnk
[2010/10/27 19:01:10 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:56:42 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/27 18:27:58 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/10/27 18:27:54 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/10/27 18:27:44 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/10/27 17:43:19 | 000,001,636 | ---- | C] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/10/25 11:14:12 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk
[2010/08/02 16:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Graeme Dare\AppData\Local\QSwitch.txt
[2010/08/02 16:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Graeme Dare\AppData\Local\DSwitch.txt
[2010/08/02 16:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Graeme Dare\AppData\Local\AtStart.txt
[2010/08/02 16:53:35 | 000,000,363 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/11/07 04:20:14 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/11/07 04:17:06 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/11/07 04:16:13 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/11/07 04:15:46 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/11/05 09:40:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/11/05 09:40:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/11/05 09:40:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/11/05 09:40:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/11/05 09:39:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/11/05 09:26:40 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009/11/05 09:26:40 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 23:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/11/20 18:45:24 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/13 11:19:18 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/11/20 18:45:29 | 3148,795,904 | -HS- | M] () -- C:\pagefile.sys
[2010/11/01 20:13:04 | 000,000,460 | ---- | M] () -- C:\rkill.log
[2010/10/27 18:45:28 | 000,005,902 | ---- | M] () -- C:\scramble.log
[2010/09/13 21:41:40 | 000,000,184 | ---- | M] () -- C:\setup.log
[2010/11/01 20:23:17 | 000,060,910 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_01.11.2010_20.21.04_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

JackFlash68
2010-11-20, 20:59
Here's the Extras text.....

OTL Extras logfile created on: 11/20/2010 6:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Graeme Dare\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.42 Gb Total Space | 231.23 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 2.09 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: GRAEMEDARE-PC | User Name: Graeme Dare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18F78B1A-964A-442C-BCE5-1FF4CBACAD90}" = ConstructionSkills
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adblock Pro" = Adblock Pro 3.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"alotToolbar" = ALOT Toolbar
"EasyBits Magic Desktop" = Magic Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"RarZilla Free Unrar" = RarZilla Free Unrar
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"Veetle TV" = Veetle TV 0.9.18
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-ae0f2000-e20e-480e-8de0-33780a90f833" = Chessmaster Challenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2010 10:46:43 PM | Computer Name = GraemeDare-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunes.exe, version: 10.0.1.22, time stamp:
0x4c9c64ce Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000374 Fault offset: 0x000cdc9b Faulting process id:
0x1110 Faulting application start time: 0x01cb77b94e2f91a9 Faulting application path:
C:\Program Files (x86)\iTunes\iTunes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: ed58b03e-e3cf-11df-b327-c80aa954aef5

Error - 10/29/2010 10:46:57 PM | Computer Name = GraemeDare-PC | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/29/2010 10:46:57 PM | Computer Name = GraemeDare-PC | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/29/2010 10:46:57 PM | Computer Name = GraemeDare-PC | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/29/2010 10:46:57 PM | Computer Name = GraemeDare-PC | Source = Bonjour Service | ID = 100
Description = 352: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/30/2010 12:33:41 AM | Computer Name = GraemeDare-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/31/2010 7:28:57 AM | Computer Name = GraemeDare-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: -1073741702 (0xc000007a).

Error - 11/2/2010 6:49:58 PM | Computer Name = GraemeDare-PC | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/5/2010 3:16:26 PM | Computer Name = GraemeDare-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16671 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10cc Start
Time: 01cb7d178f7ac67c Termination Time: 47 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 26023d72-e911-11df-9edd-c80aa954aef5

Error - 11/6/2010 6:56:22 AM | Computer Name = GraemeDare-PC | Source = ESENT | ID = 215
Description = wlmail (224) WindowsLiveMail0: The backup has been stopped because
it was halted by the client or the connection with the client failed.

[ System Events ]
Error - 10/31/2010 12:57:15 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 10/31/2010 1:57:21 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 10/31/2010 5:28:29 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/1/2010 3:05:26 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/2/2010 8:55:25 AM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/2/2010 2:00:33 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/2/2010 5:59:51 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/2/2010 11:02:17 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/3/2010 8:54:13 AM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/3/2010 3:06:53 PM | Computer Name = GraemeDare-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

Blade81
2010-11-21, 00:21
Hi,

Update MBAM, run a full scan and remove found items. Post back its report.

JackFlash68
2010-11-21, 13:13
The scan said it found no malicious items. Here's the log file.....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5162

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/11/2010 10:58:06
mbam-log-2010-11-21 (10-58-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 328442
Time elapsed: 46 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81
2010-11-21, 17:07
Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer

Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
[2010/11/09 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\Documents\BearShare
[2010/11/09 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\BearShare
[2010/10/27 17:43:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMMFDNSYSSE
[2010/10/27 17:43:15 | 000,000,000 | -HSD | C] -- C:\Users\Graeme Dare\AppData\Roaming\Smart Engine
[2010/10/27 17:42:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\2656f0
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011208.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011207.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011206.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011205.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011204.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011203.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011201.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011135.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011134.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011133.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011132.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011131.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011130.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011129.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011127.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011111.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011110.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011109.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011108.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011107.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011104.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011045.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-011041.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101120-010527.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101110-132126.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101110-132125.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101110-132118.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103928.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103927.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103049.backup
[2010/10/27 18:14:00 | 000,002,810 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101106-103040.backup
:Commands
[emptytemp]
[resethosts]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post OTL result log.



Get Adobe Reader update 9.4.1 here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe Shockwave Player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.


Uninstall these old Javas:
Java(TM) 6 Update 15 (64-bit)
Java(TM) SE Development Kit 6 Update 15 (64-bit)


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

Post back its report & fresh OTL.txt log.

JackFlash68
2010-11-21, 19:55
Here's the first OTL log......

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
C:\Users\Graeme Dare\Documents\BearShare folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\Temp folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\Partials folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\IMPictures folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\Data\BackUp folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\Data folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\CreativesFiles folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare\Artwork folder moved successfully.
C:\Users\Graeme Dare\AppData\Local\BearShare folder moved successfully.
C:\ProgramData\SMMFDNSYSSE folder moved successfully.
C:\Users\Graeme Dare\AppData\Roaming\Smart Engine folder moved successfully.
C:\ProgramData\2656f0\SMESys folder moved successfully.
C:\ProgramData\2656f0\Quarantine Items folder moved successfully.
C:\ProgramData\2656f0 folder moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011208.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011207.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011206.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011205.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011204.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011203.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011201.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011135.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011134.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011133.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011132.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011131.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011130.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011129.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011127.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011111.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011110.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011109.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011108.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011107.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011104.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011045.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-011041.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101120-010527.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101110-132126.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101110-132125.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101110-132118.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101106-103928.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101106-103927.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101106-103049.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101106-103040.backup moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Graeme Dare
->Temp folder emptied: 10610653 bytes
->Temporary Internet Files folder emptied: 156453367 bytes
->Java cache emptied: 8601132 bytes
->Apple Safari cache emptied: 10583040 bytes
->Flash cache emptied: 64515 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3294432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 181.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11212010_174800

Files\Folders moved on Reboot...
C:\Users\Graeme Dare\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Graeme Dare\AppData\Local\Temp\~DF3B3438E10C5CC969.TMP not found!
File\Folder C:\Users\Graeme Dare\AppData\Local\Temp\~DF3CA6B6EC035F4783.TMP not found!
File\Folder C:\Users\Graeme Dare\AppData\Local\Temp\~DF4B5458677D3BFE45.TMP not found!
File\Folder C:\Users\Graeme Dare\AppData\Local\Temp\~DF8C221AA4C0759AD4.TMP not found!
File\Folder C:\Users\Graeme Dare\AppData\Local\Temp\~DF9447D553E8664A98.TMP not found!
File\Folder C:\Users\Graeme Dare\AppData\Local\Temp\~DFD693520F59E55765.TMP not found!
C:\Users\Graeme Dare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Graeme Dare\AppData\Roaming\Trusteer\Rapport\user\logs\koan.4296.log moved successfully.
C:\Users\Graeme Dare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HVKVRNG7\showthread[1].php moved successfully.
C:\Users\Graeme Dare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Graeme Dare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

JackFlash68
2010-11-21, 20:58
I've installed the latest Adobe Reader. I couldn't find an old version of Shockwave I had so I couldn't delete it. I've installed Shockwave now. The Java items have been uninstalled.

I opened the link to Kaspersky and after accepting the conditions it seemed to be updating ok, but then said "Update has failed. Program could not be started." The message then said to check my internet connection (which is working fine) and then had an error message "Error: License has expired".

When I went back to try Kaspersky again I got the same message, but it happened before any updating had started. The first one had been running a good 10 mins before I got the error message.

I thought it may have been because I was running Microsoft Essentials, but after uninstalling that I still got the Error message.

JackFlash68
2010-11-21, 21:06
I just noticed when I ran it there that the program download and update have been loaded successfully. When it goes to the database update the program fails.

Blade81
2010-11-22, 13:40
Hi,

Let's use ESET scanner instead:
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish. Post back the report (if bad items found) + OTL.txt log.

JackFlash68
2010-11-22, 19:59
Hi there, cheers for your help.

When I hit the "ESET online scanner" button nothing happens. Do I need administrator privileges for the scan? If so, how do I do this?

Blade81
2010-11-23, 08:16
Hi,

Reset IE settings by following steps here (http://support.microsoft.com/kb/923737). Then try to run ESET online scanner again.

JackFlash68
2010-11-23, 21:54
The scan found no infected files.

Here's the OTL log after the scan.............

OTL logfile created on: 11/23/2010 7:50:28 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Graeme Dare\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.42 Gb Total Space | 228.91 Gb Free Space | 80.20% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 2.09 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: GRAEMEDARE-PC | User Name: Graeme Dare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Graeme Dare\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Graeme Dare\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (RapportLaunService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe (Trusteer Ltd.)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys File not found
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportKE64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys (Trusteer Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/21 17:49:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adblock Pro) - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O9 - Extra 'Tools' menuitem : Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 18:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/22 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/22 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/22 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/22 21:23:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/21 19:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/21 19:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/21 18:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/11/21 17:48:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/20 18:50:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Graeme Dare\Desktop\OTL.exe
[2010/11/09 22:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\378C
[2010/11/09 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\Documents\My Received Files
[2010/11/09 22:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2010/11/09 22:54:36 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\PackageAware
[2010/11/06 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Windows Live Writer
[2010/11/06 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Windows Live Writer
[2010/11/06 09:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/06 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/05 18:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/05 18:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/03 21:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adblock Pro
[2010/11/01 20:20:07 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\WinZip
[2010/11/01 20:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/01 20:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/10/31 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Chessmaster Challenge
[2010/10/30 02:46:55 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\CrashDumps
[2010/10/30 01:50:46 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Microsoft Games
[2010/10/27 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\WildTangent
[2010/10/27 19:01:17 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Malwarebytes
[2010/10/27 19:01:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/27 19:01:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/27 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/27 19:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/27 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Local\Adobe
[2010/10/27 18:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/10/27 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/27 18:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alot
[2010/10/27 18:27:58 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/10/27 18:27:58 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/10/27 18:27:53 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/10/27 18:27:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\PC Tools
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/27 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/10/27 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\Documents\My Google Gadgets
[2010/10/27 17:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAM Development
[2010/10/27 12:08:29 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 12:08:29 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 12:08:28 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 12:08:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 12:08:27 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 12:08:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 12:08:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 12:08:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/25 11:14:22 | 000,000,000 | ---D | C] -- C:\Users\Graeme Dare\AppData\Roaming\Philipp Winterberg
[2010/10/25 11:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RarZilla Free Unrar

========== Files - Modified Within 30 Days ==========

[2010/11/23 18:23:49 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 18:23:49 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 18:16:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/23 18:16:14 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 21:27:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/21 19:07:27 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/21 18:00:34 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/11/21 17:49:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/11/20 18:50:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme Dare\Desktop\OTL.exe
[2010/11/06 10:57:16 | 000,003,126 | ---- | M] () -- C:\Users\Graeme Dare\Desktop\Attach.zip
[2010/11/06 09:55:09 | 000,001,286 | ---- | M] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/06 09:55:09 | 000,001,262 | ---- | M] () -- C:\Users\Graeme Dare\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 18:30:33 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/05 18:27:13 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/03 21:19:41 | 000,001,035 | ---- | M] () -- C:\Users\Graeme Dare\Desktop\Adblock Pro.lnk
[2010/11/01 20:19:59 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/10/31 21:33:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/31 21:33:25 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/31 21:33:25 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/31 11:28:19 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Play Chessmaster Challenge.lnk
[2010/10/27 19:01:10 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:13:50 | 000,001,636 | ---- | M] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/10/25 11:14:12 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk

========== Files Created - No Company Name ==========

[2010/11/22 21:27:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/21 19:07:27 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/21 18:00:34 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/11/06 10:57:16 | 000,003,126 | ---- | C] () -- C:\Users\Graeme Dare\Desktop\Attach.zip
[2010/11/06 09:55:09 | 000,001,286 | ---- | C] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/06 09:55:09 | 000,001,262 | ---- | C] () -- C:\Users\Graeme Dare\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 18:27:14 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/05 18:27:13 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/03 21:19:41 | 000,001,035 | ---- | C] () -- C:\Users\Graeme Dare\Desktop\Adblock Pro.lnk
[2010/11/01 20:19:59 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/10/31 11:28:19 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Play Chessmaster Challenge.lnk
[2010/10/27 19:01:10 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:27:58 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/10/27 18:27:54 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/10/27 18:27:44 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/10/27 17:43:19 | 000,001,636 | ---- | C] () -- C:\Users\Graeme Dare\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/10/25 11:14:12 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk
[2010/08/02 16:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Graeme Dare\AppData\Local\QSwitch.txt
[2010/08/02 16:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Graeme Dare\AppData\Local\DSwitch.txt
[2010/08/02 16:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Graeme Dare\AppData\Local\AtStart.txt
[2010/08/02 16:53:35 | 000,000,271 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/11/07 04:20:14 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/11/07 04:17:06 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/11/07 04:16:13 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/11/07 04:15:46 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/11/05 09:40:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/11/05 09:40:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/11/05 09:40:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/11/05 09:40:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/11/05 09:39:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/11/05 09:26:40 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009/11/05 09:26:40 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 23:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Blade81
2010-11-24, 07:31
Good. How's the redirect issue now?

JackFlash68
2010-11-24, 14:59
I ran Spybot and there were no redirects listed after the scan.......I think you've done it!!

Cheers for that. Well appreciated.

Blade81
2010-11-24, 17:41
Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore, but on step 7 select the Restore system settings and previous versions of files option.



Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
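
Added example, not part of Blade81's post: a read-only PowerShell check that the six Internet-zone settings listed above ended up as recommended. It assumes the per-user zone key and the URL action numbers and values that Microsoft documents for Internet Explorer security zones (zone 3 = Internet; 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example: audits the current user's Internet zone, changes nothing.
# Assumption: settings are stored per user under this key (zone 3 = Internet).
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Assumption: documented meanings of the action values.
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action number -> setting name and the value recommended in the post.
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                   Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                 Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX not marked as safe';   Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                      Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';          Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';       Want = 1 }
)

$current = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($item in $expected) {
    # A missing value means the setting was never written for this user.
    $prop  = $current.PSObject.Properties[$item.Id]
    $value = if ($prop) { $prop.Value } else { $null }

    # Show the raw number when it is not one of the three known states.
    $shown = if ($null -eq $value) { 'not set' }
             elseif ($meaning.ContainsKey([int]$value)) { $meaning[[int]$value] }
             else { "raw value $value" }

    New-Object PSObject -Property @{
        Setting     = $item.Name
        Current     = $shown
        Recommended = $meaning[$item.Want]
        Matches     = ($value -eq $item.Want)
    }
}

$report | Select-Object Setting, Current, Recommended, Matches | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under a separate Policies key and are not read by this check.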

Blade81
2010-11-30, 07:59
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.