Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

unable to run dds

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

unable to run dds

Unread postby nala66 » April 15th, 2011, 2:08 pm

sorry for not reading the rules about posting first.
when i click on the link to download dds it says firefox cannot establish connection
as i mentioned before my avira antivirus keeps finding virus html/drop.agent.ab
what other information do you need
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm
Advertisement
Register to Remove

Re: unable to run dds

Unread postby Carolyn » April 15th, 2011, 6:58 pm

Please try to download a different tool.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post the following:
  • The OTL.txt logfile
  • The Extras.txt logfile
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: unable to run dds

Unread postby nala66 » April 16th, 2011, 8:44 am

OTL>Txt is as follows
OTL logfile created on: 16/04/2011 13:30:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Alan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.13 Gb Total Space | 105.47 Gb Free Space | 73.69% Space Free | Partition Type: NTFS

Computer Name: ALAN-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 13:29:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\My Documents\Downloads\OTL.exe
PRC - [2011/03/25 20:30:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/05 08:00:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/05 15:13:43 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/12 17:54:06 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/09 16:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFFE.EXE
PRC - [2008/10/09 15:33:34 | 002,086,912 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008/10/09 15:32:56 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 05:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/08/28 15:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/25 17:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 17:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/20 17:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/02 15:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/08/17 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 13:29:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/05 15:13:43 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/12 17:54:06 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/09 15:32:56 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 21:47:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/12 17:54:06 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/04 14:33:40 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 15:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/28 15:54:50 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=5080211
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/ ... nel=uk-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.google.com/smallbiz. ... bd=5080211


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=5080211
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz. ... bd=5080211
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=5080211
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz. ... bd=5080211
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3128645907-3684480705-3493481580-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=5080211
IE - HKU\S-1-5-21-3128645907-3684480705-3493481580-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/ ... nel=uk-smb
IE - HKU\S-1-5-21-3128645907-3684480705-3493481580-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
IE - HKU\S-1-5-21-3128645907-3684480705-3493481580-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3128645907-3684480705-3493481580-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.9.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/17 19:20:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/05 08:01:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 20:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 20:30:14 | 000,000,000 | ---D | M]

[2009/01/30 20:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions
[2009/01/30 20:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/14 21:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\extensions
[2010/06/09 20:01:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/21 20:14:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/23 20:52:04 | 000,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2009/10/25 22:40:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/12/16 22:21:50 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/20 21:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/16 16:33:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/05 08:01:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9342EE4D-0CEA-4AE6-AA51-17052FBF2780} - File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-3128645907-3684480705-3493481580-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )

extras text is as follows

OTL Extras logfile created on: 16/04/2011 13:30:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Alan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.13 Gb Total Space | 105.47 Gb Free Space | 73.69% Space Free | Partition Type: NTFS

Computer Name: ALAN-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS10F.tmp\SymNRT.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS10F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice
"C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe:*:Disabled:Football Manager 2010 Demo


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5499A827-E4C8-49B8-8462-4C0E5CA976A5}" = ConstructionSkills
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"CSCLIB" = Canon Camera Support Core Library
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"edd5ea85-6ba0-d3c9-c743-c56f3aaf3e41" = Browser Performance Tool Offersfortoday
"egnplrmdqpdstcy" = RON Tool Offersfortoday
"EOS Utility" = Canon Utilities EOS Utility
"EPSON P50 Series" = EPSON P50 Series Printer Uninstall
"Epson Stylus Photo P50_T50 User’s Guide" = Epson Stylus Photo P50_T50 Manual
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"SopCast" = SopCast 2.0.4
"SynTPDeinstKey" = Dell Touchpad
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3128645907-3684480705-3493481580-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2011 16:47:17 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application DrgToDsc.exe, version 9.0.0.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2011 16:47:31 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2011 16:47:50 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2011 16:48:16 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2011 16:49:20 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2011 16:49:53 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2011 17:10:12 | Computer Name = ALAN-LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 16/04/2011 02:47:17 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/04/2011 02:47:47 | Computer Name = ALAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/04/2011 08:18:55 | Computer Name = ALAN-LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 27/03/2011 04:02:29 | Computer Name = ALAN-LAPTOP | Source = DCOM | ID = 10010
Description = The server {5EFBB572-1CBD-47DA-8BBA-5BAB9CADD108} did not register
with DCOM within the required timeout.

Error - 27/03/2011 04:03:42 | Computer Name = ALAN-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It
has done this 1 time(s).

Error - 14/04/2011 08:22:39 | Computer Name = ALAN-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 14/04/2011 08:22:40 | Computer Name = ALAN-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 14/04/2011 08:22:40 | Computer Name = ALAN-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053


< End of report >

avira anti virus keeps finding virus in different files but says it "contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus.
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby Carolyn » April 17th, 2011, 2:41 pm

Remove Outdated Programs
Some outdated programs represent a security risk. You can install current versions after your computer is clean.
Please Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Adobe Reader 9.1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7

Also, please uninstall McAfee Security Scan

==================================

Entertainment Programs
I see that you have SopCast 2.0.4 and installed on your computer.

It's not uncommon for TV and entertainment portals to utilize unsafe P2P programs, perhaps not even fully understanding the safety issue. Use of entertainment programs often results in symptoms of port traffic and cpu spikes indicative of activity taking place not generated by the user and without his/her knowledge and/or approval. They may be responsible for or contributing to your system being slow.

You may want to consider uninstalling that program.

==================================

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note:to restore your registry, go to the folder and start ERUNT.exe

==================================

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the fix.

==================================

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {9342EE4D-0CEA-4AE6-AA51-17052FBF2780} - File not found
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" =-
    C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe" =-
    
    :Files
    C:\Program Files\uTorrent
    C:\Program Files\Sports Interactive\Football Manager 2010 Demo
    
    :Commands
    [CREATERESTOREPOINT] 
    [emptytemp]
    [Reboot]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

==================================

I see you already have Malwarebytes Anti-Malware installed:

  • Launch the application, select the Updates tab and click Check for Updates
  • Select the Scanner tab, choose Perform Full Scan then click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

==================================

Please re-enable Avira now.

==================================

Image
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

If you are unable to download DDS using Firefox, please try to download the program using Internet Explorer.

==================================

Please post the following in your next reply:
  • The OTL log
  • The Malwarebytes' log
  • DDS.txt
  • Attach.txt
  • A description of how your computer is behaving
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: unable to run dds

Unread postby nala66 » April 17th, 2011, 5:38 pm

hi ive done as you asked so far.
the otl report is now
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9342EE4D-0CEA-4AE6-AA51-17052FBF2780}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9342EE4D-0CEA-4AE6-AA51-17052FBF2780}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe" not found.
========== FILES ==========
C:\Program Files\uTorrent folder moved successfully.
C:\Program Files\Sports Interactive\Football Manager 2010 Demo\data\sounds\default folder moved successfully.
C:\Program Files\Sports Interactive\Football Manager 2010 Demo\data\sounds folder moved successfully.
C:\Program Files\Sports Interactive\Football Manager 2010 Demo\data folder moved successfully.
C:\Program Files\Sports Interactive\Football Manager 2010 Demo folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 32556 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Alan
->Temp folder emptied: 24244882 bytes
->Temporary Internet Files folder emptied: 270596913 bytes
->Java cache emptied: 480 bytes
->FireFox cache emptied: 53720783 bytes
->Apple Safari cache emptied: 9459712 bytes
->Flash cache emptied: 359528 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: louisa
->Temp folder emptied: 164003 bytes
->Temporary Internet Files folder emptied: 63966949 bytes
->Flash cache emptied: 765 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39579869 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104227692 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 34904187 bytes

Total Files Cleaned = 576.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04172011_220449

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Alan\Local Settings\Temp\~DF67F9.tmp not found!
File\Folder C:\Documents and Settings\Alan\Local Settings\Temp\~DF681E.tmp not found!
File\Folder C:\Documents and Settings\Alan\Local Settings\Temp\~DF68FA.tmp not found!
File\Folder C:\Documents and Settings\Alan\Local Settings\Temp\~DF692A.tmp not found!
File\Folder C:\Documents and Settings\Alan\Local Settings\Temp\~DF6B10.tmp not found!
File\Folder C:\Documents and Settings\Alan\Local Settings\Temp\~DF6B2B.tmp not found!
C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\49A1KCWW\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

the malware anti malware will not run through. I have tried it twice and it stops at about 9 min.I then have to restart the computer to get rid of it.
also even though I have disabled avira as you said to the antivir guard keeps popping up with a detection
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby Carolyn » April 17th, 2011, 7:25 pm

Please try running Malwarebytes' Anti-Malware in Safe Mode:

Boot to Safe Mode

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, continually press F8.
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: unable to run dds

Unread postby nala66 » April 18th, 2011, 1:43 am

i got the malware to run in normal modeMalwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 6386

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/04/2011 00:00:21
mbam-log-2011-04-18 (00-00-21).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 241625
Time elapsed: 1 hour(s), 12 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

i could only get the 3rd link to work when i had avira switched off as earlier in process


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alan at 6:31:30.01 on 18/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2166 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alan\My Documents\safe.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/sport1/hi/football/default.stm
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=uk-smb
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz. ... bd=5080211
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=uk-smb
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz. ... bd=5080211
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=uk-smb
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\vaxgeuoc\egpsouxs.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\windows\temp\E_S54.tmp" /EF "HKCU"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurig ... 1130191653
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/ac ... acking.cab
DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} - hxxp://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\alan\applic~1\mozilla\firefox\profiles\zo3y7msc.default\
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\zo3y7msc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\zo3y7msc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\firefox\profiles\zo3y7msc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Property Bee: {da8bd68d-8e90-41cd-8345-a71b294e72e6} - %profile%\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-11 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-11 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-11 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-11 56816]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-11 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
.
=============== Created Last 30 ================
.
2011-04-17 21:04:49 -------- d-----w- C:\_OTL
2011-04-15 18:43:04 -------- d--h--w- c:\windows\PIF
2011-04-14 20:33:34 -------- d-----w- c:\program files\vaxgeuoc
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 6:32:26.37 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 13/02/2008 21:40:53
System Uptime: 17/04/2011 22:44:07 (8 hours ago)
.
Motherboard: Dell Inc. | | 0WY040
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1176/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 103.115 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP290: 15/01/2011 16:08:36 - System Checkpoint
RP291: 16/01/2011 18:57:28 - System Checkpoint
RP292: 17/01/2011 21:28:30 - System Checkpoint
RP293: 19/01/2011 18:46:32 - System Checkpoint
RP294: 21/01/2011 19:47:13 - System Checkpoint
RP295: 27/01/2011 12:50:08 - System Checkpoint
RP296: 29/01/2011 14:13:52 - System Checkpoint
RP297: 03/02/2011 07:49:25 - System Checkpoint
RP298: 08/02/2011 21:40:03 - Software Distribution Service 3.0
RP299: 11/02/2011 18:41:06 - System Checkpoint
RP300: 12/02/2011 20:37:12 - System Checkpoint
RP301: 20/02/2011 13:09:33 - System Checkpoint
RP302: 24/02/2011 19:07:50 - System Checkpoint
RP303: 28/02/2011 19:15:35 - Software Distribution Service 3.0
RP304: 03/03/2011 20:14:57 - System Checkpoint
RP305: 08/03/2011 21:27:57 - Software Distribution Service 3.0
RP306: 09/03/2011 19:55:04 - Software Distribution Service 3.0
RP307: 15/03/2011 18:44:03 - System Checkpoint
RP308: 17/03/2011 09:11:25 - System Checkpoint
RP309: 23/03/2011 19:35:19 - System Checkpoint
RP310: 24/03/2011 14:45:55 - Software Distribution Service 3.0
RP311: 26/03/2011 21:52:20 - System Checkpoint
RP312: 01/04/2011 21:30:27 - System Checkpoint
RP313: 14/04/2011 14:43:33 - Software Distribution Service 3.0
RP314: 15/04/2011 17:30:02 - Software Distribution Service 3.0
RP315: 17/04/2011 21:21:28 - Removed Adobe Reader 9.1.
RP316: 17/04/2011 21:22:39 - Removed J2SE Runtime Environment 5.0 Update 6
RP317: 17/04/2011 21:23:47 - Removed Java(TM) 6 Update 7
RP318: 17/04/2011 22:05:04 - OTL Restore Point
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Browser Performance Tool Offersfortoday
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
CleanUp!
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
ConstructionSkills
Dell Support Center
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
Epson Easy Photo Print 2
EPSON P50 Series Printer Uninstall
Epson Print CD
Epson Stylus Photo P50_T50 Manual
EPSON Web-To-Page
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Laptop Integrated Webcam Driver (1.03.02.0719)
LegalSounds Music Downloader 1.4
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.6.16)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Music Rescue
mWlsSafe
mWMI
mZConfig
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
QuickSet
QuickTime
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
RON Tool Offersfortoday
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sonic Activation Module
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vodafone Mobile Connect Lite
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
18/04/2011 00:03:09, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
18/04/2011 00:03:09, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
18/04/2011 00:03:09, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
18/04/2011 00:03:03, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
17/04/2011 23:55:44, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.6040, the version of the system file is 6.0.2900.6040.
17/04/2011 23:55:44, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
17/04/2011 23:54:06, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
17/04/2011 23:47:51, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 7.0.5730.13.
17/04/2011 23:47:51, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
17/04/2011 23:36:27, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:36:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:36:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:36:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:32:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
17/04/2011 23:32:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.0.9246, the version of the system file is 6.1.0.9246.
17/04/2011 22:04:52, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:51, error: Service Control Manager [7034] - The RoxMediaDB9 service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7031] - The Vodafone Mobile Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
17/04/2011 22:04:50, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/04/2011 13:22:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
14/04/2011 13:22:40, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/04/2011 13:22:39, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
.
==== End Of File ===========================
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby Carolyn » April 18th, 2011, 8:35 am

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: unable to run dds

Unread postby nala66 » April 18th, 2011, 1:59 pm

ComboFix 11-04-17.02 - Alan 18/04/2011 18:42:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2552 [GMT 1:00]
Running from: c:\documents and settings\Alan\My Documents\1ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alan\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-17 21:04 . 2011-04-17 21:04 -------- d-----w- C:\_OTL
2011-04-15 18:43 . 2011-04-15 18:43 -------- d--h--w- c:\windows\PIF
2011-04-14 20:33 . 2011-04-18 17:50 -------- d-----w- c:\program files\vaxgeuoc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 17:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-11 17:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 17:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-11 17:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-11 17:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-11 17:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-11 17:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-11 17:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-11 17:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 09:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-11 17:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-11 17:11 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-11 17:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 17:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-11 17:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-11 17:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-08-11 17:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 17:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 17:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 410131]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-11 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 606549]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-11 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\vaxgeuoc\egpsouxs.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:a8d93b5a31
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 20:14 108289]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [09/10/2008 15:32 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/02/2010 12:27 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-11 21:45]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:26]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:26]
.
2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3128645907-3684480705-3493481580-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-04-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3128645907-3684480705-3493481580-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/sport1/hi/football/default.stm
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz. ... bd=5080211
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurig ... 1130191653
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\zo3y7msc.default\
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Property Bee: {da8bd68d-8e90-41cd-8345-a71b294e72e6} - %profile%\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-egnplrmdqpdstcy - c:\windows\system32\egnplrmdqpdstcy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe 184691 bytes executable
C:\egpsouxs.exe 184691 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4172)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-04-18 18:57:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-18 17:57
.
Pre-Run: 110,571,855,872 bytes free
Post-Run: 110,459,138,048 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2EEF8010620F243A1F05C5ECEBC4C782
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby Carolyn » April 18th, 2011, 3:40 pm

Run a custom CFScript

Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=56492&p=575839#p575839

Collect::
c:\program files\vaxgeuoc\egpsouxs.exe
c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe
C:\egpsouxs.exe

Folder::
c:\program files\vaxgeuoc

DirLook::
c:\windows\PIF

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

=============================================

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Important: Disable Avast! before continuing

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

=============================================

Please post the following in your next reply:
  • The ComboFix log
  • The ESET log
  • A new DDS log
  • A description of how your computer is behaving
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: unable to run dds

Unread postby nala66 » April 18th, 2011, 4:39 pm

hi i copy and pasted the text and ran a combofix however when it has finished it restarts the computer then comes back on with the preparing log screen.after a while i get the message "system cannot find the file NircmdB.exe"


mozilla will not open anymore i am using internet explorer.also i am being redirected to licoseach.com sometimes when i try to open a page from google search results
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby nala66 » April 18th, 2011, 4:47 pm

im unable to download the eset scanner,also i cannot seem to do anything unless aviva is turned off.also any links to bleepingcomputer.com dont work
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby nala66 » April 18th, 2011, 5:03 pm

i have run dds
the reports are
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alan at 22:01:26.07 on 18/04/2011
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2349 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Alan\My Documents\safe.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/sport1/hi/football/default.stm
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz. ... bd=5080211
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\vaxgeuoc\egpsouxs.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurig ... 1130191653
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/ac ... acking.cab
DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} - hxxp://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\alan\applic~1\mozilla\firefox\profiles\zo3y7msc.default\
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\zo3y7msc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\zo3y7msc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Property Bee: {da8bd68d-8e90-41cd-8345-a71b294e72e6} - %profile%\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-11 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-11 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-11 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-11 56816]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
.
=============== Created Last 30 ================
.
2011-04-18 20:18:52 -------- d-----w- C:\1ComboFix85591
2011-04-18 19:56:28 -------- d-----w- C:\1ComboFix
2011-04-18 17:41:23 -------- d-sha-r- C:\cmdcons
2011-04-18 17:32:25 98816 ----a-w- c:\windows\sed.exe
2011-04-18 17:32:25 89088 ----a-w- c:\windows\MBR.exe
2011-04-18 17:32:25 256512 ----a-w- c:\windows\PEV.exe
2011-04-18 17:32:25 161792 ----a-w- c:\windows\SWREG.exe
2011-04-17 21:04:49 -------- d-----w- C:\_OTL
2011-04-15 18:43:04 -------- d--h--w- c:\windows\PIF
2011-04-14 20:33:34 -------- d-----w- c:\program files\vaxgeuoc
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 22:02:31.57 ===============

and

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 13/02/2008 21:40:53
System Uptime: 18/04/2011 21:26:21 (1 hours ago)
.
Motherboard: Dell Inc. | | 0WY040
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1575/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 102.544 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP290: 15/01/2011 16:08:36 - System Checkpoint
RP291: 16/01/2011 18:57:28 - System Checkpoint
RP292: 17/01/2011 21:28:30 - System Checkpoint
RP293: 19/01/2011 18:46:32 - System Checkpoint
RP294: 21/01/2011 19:47:13 - System Checkpoint
RP295: 27/01/2011 12:50:08 - System Checkpoint
RP296: 29/01/2011 14:13:52 - System Checkpoint
RP297: 03/02/2011 07:49:25 - System Checkpoint
RP298: 08/02/2011 21:40:03 - Software Distribution Service 3.0
RP299: 11/02/2011 18:41:06 - System Checkpoint
RP300: 12/02/2011 20:37:12 - System Checkpoint
RP301: 20/02/2011 13:09:33 - System Checkpoint
RP302: 24/02/2011 19:07:50 - System Checkpoint
RP303: 28/02/2011 19:15:35 - Software Distribution Service 3.0
RP304: 03/03/2011 20:14:57 - System Checkpoint
RP305: 08/03/2011 21:27:57 - Software Distribution Service 3.0
RP306: 09/03/2011 19:55:04 - Software Distribution Service 3.0
RP307: 15/03/2011 18:44:03 - System Checkpoint
RP308: 17/03/2011 09:11:25 - System Checkpoint
RP309: 23/03/2011 19:35:19 - System Checkpoint
RP310: 24/03/2011 14:45:55 - Software Distribution Service 3.0
RP311: 26/03/2011 21:52:20 - System Checkpoint
RP312: 01/04/2011 21:30:27 - System Checkpoint
RP313: 14/04/2011 14:43:33 - Software Distribution Service 3.0
RP314: 15/04/2011 17:30:02 - Software Distribution Service 3.0
RP315: 17/04/2011 21:21:28 - Removed Adobe Reader 9.1.
RP316: 17/04/2011 21:22:39 - Removed J2SE Runtime Environment 5.0 Update 6
RP317: 17/04/2011 21:23:47 - Removed Java(TM) 6 Update 7
RP318: 17/04/2011 22:05:04 - OTL Restore Point
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Browser Performance Tool Offersfortoday
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
CleanUp!
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
ConstructionSkills
Dell Support Center
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
Epson Easy Photo Print 2
EPSON P50 Series Printer Uninstall
Epson Print CD
Epson Stylus Photo P50_T50 Manual
EPSON Web-To-Page
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Laptop Integrated Webcam Driver (1.03.02.0719)
LegalSounds Music Downloader 1.4
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.6.16)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Music Rescue
mWlsSafe
mWMI
mZConfig
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
QuickSet
QuickTime
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sonic Activation Module
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vodafone Mobile Connect Lite
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
18/04/2011 00:03:09, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
18/04/2011 00:03:09, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
18/04/2011 00:03:09, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
18/04/2011 00:03:03, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
17/04/2011 23:55:44, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.6040, the version of the system file is 6.0.2900.6040.
17/04/2011 23:55:44, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
17/04/2011 23:54:06, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
17/04/2011 23:47:51, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 7.0.5730.13.
17/04/2011 23:47:51, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
17/04/2011 23:36:27, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:36:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:36:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:36:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
17/04/2011 23:32:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
17/04/2011 23:32:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.0.9246, the version of the system file is 6.1.0.9246.
17/04/2011 22:04:52, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:51, error: Service Control Manager [7034] - The RoxMediaDB9 service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
17/04/2011 22:04:50, error: Service Control Manager [7031] - The Vodafone Mobile Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
17/04/2011 22:04:50, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/04/2011 13:22:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
14/04/2011 13:22:40, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/04/2011 13:22:39, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
.
==== End Of File ===========================
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm

Re: unable to run dds

Unread postby Carolyn » April 18th, 2011, 5:07 pm

Please look for a file named C:\Bug.txt. If found post the contents for my review.

Also, look for C:\ComboFix.txt, if found, post the contents of that file as well.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: unable to run dds

Unread postby nala66 » April 18th, 2011, 5:18 pm

i cannot find a file named C:\Bug.txt
there are 2 files for combofix

ComboFix 11-04-17.02 - Alan 18/04/2011 20:57:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2464 [GMT 1:00]
Running from: C:\Documents and Settings\Alan\My Documents\1ComboFix.exe
Command switches used :: C:\Documents and Settings\Alan\My Documents\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe
file zipped: C:\egpsouxs.exe
file zipped: c:\program files\vaxgeuoc\egpsouxs.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe
C:\egpsouxs.exe
c:\program files\vaxgeuoc\egpsouxs.exe
c:\program files\vaxgeuoc . . . . Failed to delete


((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))


2011-04-17 21:04:49 . 2011-04-17 21:04:49 -------- d-----w- C:\_OTL
2011-04-15 18:43:04 . 2011-04-15 18:43:04 -------- d--h--w- C:\WINDOWS\PIF
2011-04-14 20:33:34 . 2011-04-18 20:07:13 -------- d-----w- C:\Program Files\vaxgeuoc
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:50 . 2004-08-11 17:12:51 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2004-08-11 17:00:36 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2004-08-11 17:00:37 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2004-08-11 17:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2004-08-11 17:00:18 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2004-08-11 17:00:17 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2004-08-11 17:00:16 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2004-08-11 17:00:20 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2004-08-11 17:00:34 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2009-04-17 09:49:09 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2004-08-11 17:00:01 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-11 13:25:52 . 2004-08-11 17:11:26 229888 ----a-w- C:\WINDOWS\system32\fxscover.exe
2011-02-09 13:53:52 . 2004-08-11 17:00:30 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2004-08-11 17:00:13 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2004-08-11 17:00:19 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2004-08-11 17:00:19 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-02 07:58:35 . 2004-08-11 17:11:27 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2004-08-11 17:11:27 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe
2011-01-21 14:44:37 . 2004-08-11 17:00:31 439296 ----a-w- C:\WINDOWS\system32\shimgvw.dll

and

ComboFix 11-04-17.02 - Alan 18/04/2011 21:20:02.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2512 [GMT 1:00]
Running from: C:\Documents and Settings\Alan\My Documents\1ComboFix.exe
Command switches used :: C:\Documents and Settings\Alan\My Documents\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe
file zipped: C:\egpsouxs.exe
file zipped: c:\program files\vaxgeuoc\egpsouxs.exe

/wow section - STAGE 3


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe
C:\egpsouxs.exe
c:\program files\vaxgeuoc\egpsouxs.exe
c:\program files\vaxgeuoc . . . . Failed to delete

---- Previous Run -------

c:\documents and settings\Alan\Start Menu\Programs\Startup\egpsouxs.exe
C:\egpsouxs.exe
c:\program files\vaxgeuoc\egpsouxs.exe


((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 ))))))))))))))))))))))))))))))
nala66
Active Member
 
Posts: 13
Joined: April 15th, 2011, 12:50 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware