Laptop problems DDS problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by microw » March 17th, 2011, 4:29 am

Hi, previously posted here about problems I was having with laptop and that I couldn't download DDS. Someone was kind enough to suggest using rkill and try DDS again and post back in here. I managed to download and run DDS but can't create logs; the window opens and the progress bar gets to about 70% but then everything hangs. I have left it like this for 15 mins. I can run HijackThis and create logs and other malware progs.

Thanks
microw

Re: Laptop problems DDS problems

Post by melboy » March 17th, 2011, 1:50 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=============================


DDS

Temporarily disable McAfee

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3



  • Double click dds.scr to run the tool. A command window will appear; this is normal.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.

Re: Laptop problems DDS problems

Post by microw » March 17th, 2011, 5:21 pm

Hi,

Thanks for getting back to me. The McAfee is BT Net Protect Plus and does not have the interfaces as described in the link you provide. I have turned off the firewall and turned off realtime scanning but still get McAfee pop-ups when running DDS, and DDS still hangs. I cannot see how to turn this version of McAfee off.

Cheers
microw

Re: Laptop problems DDS problems

Post by melboy » March 17th, 2011, 5:32 pm

Hi

OK, we'll try something else.




OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.



MBR Rootkit Detector

Please download MBR.exe by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click Start > Run. Copy and paste the contents of the codebox below into the Run box (do not include Code:), then click OK:
Code:
CMD /C \mbr -t >Log.txt&Log.txt&del Log.txt

A log will be generated. Post the contents in your next reply.




In your next reply:
  1. OTL.txt
  2. Extras.txt
  3. GMER log

Re: Laptop problems DDS problems

Post by microw » March 17th, 2011, 6:23 pm

Ok, I will give it a try.
microw

Re: Laptop problems DDS problems

Post by microw » March 17th, 2011, 6:44 pm

otl scans

OTL logfile created on: 17/03/2011 22:41:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Wayne Nation\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 14.66 Gb Free Space | 55.59% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 25.54 Gb Free Space | 96.20% Space Free | Partition Type: FAT32
Drive F: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TANZY | User Name: Wayne Nation | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/17 22:40:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
PRC - [2010/12/03 19:43:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/06/07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/01/28 13:48:00 | 010,035,448 | ---- | M] (3Connect) -- C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/21 18:54:48 | 000,348,160 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2003/07/11 20:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
PRC - [2002/05/24 13:54:02 | 000,357,376 | ---- | M] () -- C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/03/17 22:40:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/09/18 07:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 00:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/10/07 23:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll
MOD - [2002/05/02 01:10:46 | 000,073,728 | ---- | M] () -- C:\Program Files\iWare\iWare Mouse\3.2\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/12/16 13:43:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2005/07/25 20:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/28 18:59:16 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 11:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/25 06:47:42 | 000,485,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/04/03 08:41:36 | 000,030,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/news/uk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 20:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/15 20:04:04 | 000,000,000 | ---D | M]

[2011/03/15 20:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne Nation\Application Data\Mozilla\Extensions
[2011/03/15 20:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne Nation\Application Data\Mozilla\Firefox\Profiles\uhbt031n.default\extensions
[2011/03/15 20:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/15 22:41:04 | 000,430,966 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14835 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe ()
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,027,750 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ebf99d5f-4f3d-11e0-9b8c-00c09f94c654}\Shell - "" = AutoRun
O33 - MountPoints2\{ebf99d5f-4f3d-11e0-9b8c-00c09f94c654}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebf99d5f-4f3d-11e0-9b8c-00c09f94c654}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/17 22:40:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
[2011/03/17 21:56:52 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2011/03/17 20:50:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/16 23:08:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne Nation\Recent
[2011/03/16 22:41:36 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2011/03/15 22:20:40 | 000,191,510 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Wayne Nation\Desktop\StartUpLite.exe
[2011/03/15 20:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\My Documents\Downloads
[2011/03/15 20:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\Mozilla
[2011/03/15 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Application Data\Mozilla
[2011/03/15 20:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 19:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Application Data\Birdstep Technology
[2011/03/15 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/03/15 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2011/03/15 19:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3 Mobile Broadband
[2011/03/15 19:57:20 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011/03/15 19:57:20 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011/03/15 19:57:20 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011/03/15 19:57:20 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2011/03/15 19:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2011/03/15 19:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2011/03/14 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\My Documents\New Folder
[2011/03/06 17:16:51 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/03/06 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/03/06 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/06 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Start Menu\Programs\HiJackThis
[2011/03/06 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/06 15:41:39 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Wayne Nation\My Documents\ccsetup304.exe
[2011/03/06 15:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Application Data\Malwarebytes
[2011/03/06 15:38:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/06 15:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/06 15:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/06 15:38:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/06 15:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/06 15:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/06 15:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/06 15:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/06 15:31:32 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Nation\My Documents\mbam-setup.exe
[2011/03/06 15:28:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Wayne Nation\My Documents\spybotsd162.exe
[2006/06/21 16:22:43 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2006/06/21 16:22:42 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2006/06/21 16:22:42 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcoms.exe
[2006/06/21 16:22:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2006/06/21 16:22:42 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfih.exe
[2006/06/21 16:22:42 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2006/06/21 16:22:42 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2006/06/21 16:22:41 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2006/06/21 16:22:41 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Wayne Nation\My Documents\*.tmp files -> C:\Documents and Settings\Wayne Nation\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/17 22:40:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
[2011/03/17 22:38:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/17 22:38:24 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/03/17 22:37:30 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/17 22:37:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/17 22:37:00 | 1273,548,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/17 21:45:58 | 062,623,864 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\setup_av_free.exe
[2011/03/17 21:17:04 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/16 23:13:48 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/03/16 23:11:52 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\HiJackThis.lnk
[2011/03/16 21:55:18 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\dds.scr
[2011/03/15 22:21:04 | 000,191,510 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Wayne Nation\Desktop\StartUpLite.exe
[2011/03/15 20:04:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/15 20:04:12 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/15 20:04:12 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/15 19:57:28 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/03/15 19:57:26 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2011/03/15 19:53:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/12 21:00:48 | 000,120,304 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\cc_20110312_210016.reg
[2011/03/06 15:42:38 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/06 15:41:48 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Wayne Nation\My Documents\ccsetup304.exe
[2011/03/06 15:38:10 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 15:33:02 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/06 15:33:02 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\Spybot - Search & Destroy.lnk
[2011/03/06 15:31:32 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Nation\My Documents\mbam-setup.exe
[2011/03/06 15:28:48 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Wayne Nation\My Documents\spybotsd162.exe
[2011/02/28 23:25:34 | 000,141,841 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\http___www.pcs.planningportal.gov.uk_pcsportal_fscdav_READONLY_OBJ=COO.2036.300.12.2855646&NAME=_DECISION.pdf
[2011/02/24 19:27:50 | 000,784,159 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\complete TM01_termination_of_appointment_of_director.pdf
[2011/02/20 17:03:00 | 000,746,851 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\director termination.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Wayne Nation\My Documents\*.tmp files -> C:\Documents and Settings\Wayne Nation\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/17 21:40:05 | 062,623,864 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\setup_av_free.exe
[2011/03/16 21:55:03 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\dds.scr
[2011/03/15 20:04:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/15 20:04:10 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/15 20:04:10 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/15 19:57:26 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/03/15 19:57:25 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2011/03/15 19:57:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/03/14 20:51:02 | 1273,548,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/14 20:24:27 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/03/14 20:24:27 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
[2011/03/14 20:24:27 | 000,001,421 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
[2011/03/12 21:00:19 | 000,120,304 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\cc_20110312_210016.reg
[2011/03/06 16:25:41 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\HiJackThis.lnk
[2011/03/06 15:42:36 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/06 15:38:08 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 15:33:00 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/06 15:33:00 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\Spybot - Search & Destroy.lnk
[2011/02/28 23:25:33 | 000,141,841 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\http___www.pcs.planningportal.gov.uk_pcsportal_fscdav_READONLY_OBJ=COO.2036.300.12.2855646&NAME=_DECISION.pdf
[2011/02/22 20:32:25 | 000,784,159 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\complete TM01_termination_of_appointment_of_director.pdf
[2011/02/20 17:02:59 | 000,746,851 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\director termination.pdf
[2011/01/09 14:58:47 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/09 14:53:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/22 13:07:27 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/05/19 21:31:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2009/05/19 21:31:41 | 000,004,728 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2007/12/09 16:45:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007/12/09 16:43:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini
[2006/09/07 21:25:17 | 000,030,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2006/06/21 16:22:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2005/08/23 20:55:06 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/08/23 20:34:11 | 000,001,444 | ---- | C] () -- C:\WINDOWS\btclickn.ini
[2005/08/20 19:43:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 18:16:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/08/16 11:21:01 | 000,187,940 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005/08/04 12:21:58 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 09:50:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 12:32:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:22:45 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:45 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/07 12:22:45 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:15:13 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:07:16 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 12:07:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/03/07 12:07:04 | 000,100,839 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 12:01:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 12:01:47 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 12:01:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/07 12:01:43 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/03/07 11:56:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/03/07 11:56:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/03/07 11:56:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/03/07 11:54:46 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 11:54:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2005/03/07 11:53:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/07 11:47:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/07 11:46:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/07 11:41:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/07 11:40:52 | 000,221,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/03/22 01:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,314,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,041,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2006/09/02 22:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/06 21:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/11/22 13:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/11/25 15:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/11/25 16:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/12/02 14:13:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/03/15 19:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2005/08/05 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Template
[2006/09/02 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\PC Suite
[2006/09/07 21:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Nokia
[2007/12/09 16:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Nikon
[2010/06/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Trusteer
[2010/12/02 14:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Uniblue
[2011/03/15 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Birdstep Technology

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 17/03/2011 22:41:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Wayne Nation\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 14.66 Gb Free Space | 55.59% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 25.54 Gb Free Space | 96.20% Space Free | Partition Type: FAT32
Drive F: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TANZY | User Name: Wayne Nation | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\BT Broadband Desktop Help\BTBB\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\BTBB\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\BTBB\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\BTBB\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1CABB679-3958-44AA-BFFF-4E68A2684255}" = ArcSoft Panorama Maker 3.0
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Audacity_is1" = Audacity 1.2.6
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"GoToAssist" = GoToAssist Corporate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"iWare iWare Mouse" = iWare iWare Mouse 3.2
"Lexmark 730 Series" = Lexmark 730 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"Rapport_msi" = Rapport
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2011 12:51:40 | Computer Name = TANZY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/03/2011 12:51:40 | Computer Name = TANZY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/03/2011 12:51:41 | Computer Name = TANZY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 15/03/2011 15:56:52 | Computer Name = TANZY | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
-- Error 1704.An installation for Nokia PC Suite is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 16/03/2011 16:51:08 | Computer Name = TANZY | Source = McLogEvent | ID = 5051
Description =

Error - 16/03/2011 18:54:26 | Computer Name = TANZY | Source = McLogEvent | ID = 5051
Description =

Error - 17/03/2011 17:50:01 | Computer Name = TANZY | Source = McLogEvent | ID = 5004
Description =

Error - 17/03/2011 17:50:01 | Computer Name = TANZY | Source = McLogEvent | ID = 5022
Description =

Error - 17/03/2011 17:50:01 | Computer Name = TANZY | Source = McLogEvent | ID = 5004
Description =

Error - 17/03/2011 17:50:01 | Computer Name = TANZY | Source = McLogEvent | ID = 5022
Description =

[ System Events ]
Error - 16/03/2011 18:50:42 | Computer Name = TANZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKELL

Error - 16/03/2011 18:54:26 | Computer Name = TANZY | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 16/03/2011 19:13:15 | Computer Name = TANZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 16/03/2011 19:13:16 | Computer Name = TANZY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 16/03/2011 19:13:16 | Computer Name = TANZY | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 16/03/2011 19:13:47 | Computer Name = TANZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 17/03/2011 16:42:08 | Computer Name = TANZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKELL

Error - 17/03/2011 16:57:07 | Computer Name = TANZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKELL

Error - 17/03/2011 17:00:14 | Computer Name = TANZY | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 17/03/2011 18:38:12 | Computer Name = TANZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKELL


< End of report >
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Unread postby melboy » March 17th, 2011, 7:07 pm

Do you have the GMER scan?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Unread postby microw » March 18th, 2011, 4:29 am

Hi, having trouble with gmer, same as dds. Starts but seems to hang, locking everything up; command window opens but that is as far as it gets. I am sure I can hear the drive click before it all stops and I think that was the case with dds too.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Unread postby melboy » March 18th, 2011, 2:18 pm

Hi

Ok we'll try something else.


aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Unread postby microw » March 19th, 2011, 6:35 am

MBR log

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-19 10:31:55
-----------------------------
10:31:55.632 OS Version: Windows 5.1.2600 Service Pack 3
10:31:55.632 Number of processors: 1 586 0x1C00
10:31:55.647 ComputerName: TANZY UserName:
10:31:57.116 Initialize success
10:32:01.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:32:01.241 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
10:32:03.272 Disk 0 MBR read successfully
10:32:03.272 Disk 0 MBR scan
10:32:05.272 Disk 0 scanning sectors +117210240
10:32:05.522 Disk 0 scanning C:\WINDOWS\system32\drivers
10:32:10.085 Service scanning
10:32:11.303 Disk 0 trace - called modules:
10:32:11.303 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:32:11.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89782ab8]
10:32:11.319 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x897dc030]
10:32:11.319 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89781940]
10:32:11.334 Scan finished successfully
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Unread postby melboy » March 19th, 2011, 6:55 am

Hi

That looks ok.


Give me an update on the problems you are having & see if this turns off the realtime protection of BT NetProtect plus. If it works, it should be the same procedure to turn it back on.

  • Open Bt NetProtect plus
  • Go to Home
  • click the green ON by real time scanning
  • click real time scanning settings
  • click turn off
  • Close Bt NetProtect plus



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus (See Above)

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.




In your next reply:
  1. MBAM log.
  2. ESET log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Unread postby microw » March 19th, 2011, 8:44 am

Hi, I have uninstalled the BT protection and installed Avast. The method you suggest did appear to turn off some protection but didn't seem to stop it interfering.

I can't run TFC, I get error message saying it is not a valid win32 application. Also, I don't know if it is a weird coincidence but I am struggling to type any text, e.g. to log in to this site. I have to send this from mobile.

Also can't seem to type in to run box and cpu running at 70% and trouble turning off
Last edited by microw on March 19th, 2011, 8:58 am, edited 1 time in total.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Unread postby melboy » March 19th, 2011, 8:58 am

Delete the copy of TFC you already have and download a fresh copy. Try to run it again and follow the instructions. If you still have problems let me know.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Unread postby microw » March 19th, 2011, 1:46 pm

TFC worked ok on second attempt.

eset log

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=8705d0f91c54c446bfb5057bf5f68abd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-19 07:35:58
# local_time=2011-03-19 07:35:58 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1131821 1131821 0 0
# compatibility_mode=8192 67108863 100 0 15223 15223 0 0
# scanned=48234
# found=0
# cleaned=0
# scan_time=2797

Mbytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6106

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/03/2011 14:20:38
mbam-log-2011-03-19 (14-20-38).txt

Scan type: Quick scan
Objects scanned: 148940
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm
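
A log-triage check for the ESET log requested above, as an added example that is not part of the original thread or of ESET's tooling: it confirms that a posted log.txt reflects the scan options the helper asked for and extracts the result counts. The mapping of header keys to the GUI options, and the reading of end=finished as a completed scan, are assumptions inferred from the key names in the posted log.

```python
from collections import defaultdict

# Assumed mapping of the requested GUI options to the header keys seen in the posted log.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Constructed sample: header lines copied from the log posted in this thread.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# local_time=2011-03-19 07:35:58 (+0000, GMT Standard Time)
# compatibility_mode=512 16777215 100 0 1131821 1131821 0 0
# compatibility_mode=8192 67108863 100 0 15223 15223 0 0
# scanned=48234
# found=0
# cleaned=0
"""

def parse_header(text):
    """Collect '# key=value' lines; a key may repeat (compatibility_mode does)."""
    fields = defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        if not line.startswith("#") or "=" not in line:
            continue  # anything else is not a header field
        key, _, value = line[1:].partition("=")  # split on the first '=' only
        fields[key.strip()].append(value.strip())
    return dict(fields)

def review(text):
    """Return (problems, counts): option mismatches and the scan totals."""
    fields = parse_header(text)
    problems = []
    for key, wanted in REQUESTED.items():
        got = fields.get(key, ["<missing>"])[-1]
        if got != wanted:
            problems.append(f"{key}={got}, expected {wanted}")
    if fields.get("end", ["<missing>"])[-1] != "finished":
        problems.append("scan did not reach end=finished")
    counts = {k: int(fields[k][-1]) for k in ("scanned", "found", "cleaned") if k in fields}
    return problems, counts
```

An empty problems list together with found=0 matches the helper's later reading that the scans show no malware infection.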

Re: Laptop problems DDS problems

Unread postby melboy » March 19th, 2011, 4:40 pm

Hi

Looking good so far. Give me an update on the problems you are having as so far the scans are not showing a malware infection.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK