# Girl in Distress!! Google redirect and possibly other issues. HELP needed !!



## GIRLY1 (May 11, 2011)

Hi....girl needs assistance in getting rid of this annoying google redirect issue and possibly other issues.

My computers (3) have been running fine until a few weeks ago, after which I got some viruses and every time I searched on something and clicked on the searches it redirected me to other websites. Some legitimate (eBay, Yahoo - then again not sure whether these are cloned websites or not) and some not.

I have run many antivirus programs and got rid of a lot of stuff after reading it up on the internet. I believe I have got rid of all the viruses (some were TIDServ ones) and managed to stabilise the PC.

So far I have run:

*TDSKill*
*Malwarebytes Anti-Malware*
*Superanti spyware*
*many others too*

I have installed Norton Internet Security 2011, which admittedly I installed after I started getting all the problems and was hoping that it would clear this mess up.
I've also started to notice that the PCs are running more slowly than before and getting high CPU usage and high memory usage, not sure why as I only had one IE window open, so

I have also got a different PC, clean from viruses, loaded the latest Norton Antivirus on it, plugged it in, and that too has developed the Google redirect syndrome. Do you think that it could also be a router issue?

I've tried everything, apart from getting help from the techie experts - that's right, I'm looking at you. Please can you help me. Just let me know what info you need and I'll get it to you.
Thanks so much

Below are the details of 2 of the PCs

*PC1*
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Celeron(R) CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 510 Mb
Graphics Card: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, 64 Mb
Hard Drives: C: Total - 39166 MB, Free - 27391 MB; 
Motherboard: Dell Computer Corp., 0G1548, A00, ..CN708213ANF167.
Antivirus: Norton Internet Security, Updated: Yes, On-Demand Scanner: Enabled

*PC2*

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 1
Processor Count: 1
RAM: 509 Mb
Graphics Card: Intel(R) 82865G Graphics Controller, 96 Mb
Hard Drives: C: Total - 73171 MB, Free - 65648 MB; 
Motherboard: Dell Computer Corp., 0WF887, , ..CN7082162C07H2.
Antivirus: Norton Internet Security, Updated: Yes, On-Demand Scanner: Enabled


----------



## GIRLY1 (May 11, 2011)

*PC1*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:24:35, on 12/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...xAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6484 bytes


----------



## GIRLY1 (May 11, 2011)

*PC2*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:31:17, on 12/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 5739 bytes


----------
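A triage sketch for the two HijackThis logs above, added here as an example and not part of the original thread: it parses the entry lines, pulls out the O1 hosts-file overrides, and lists entries that appear on one PC but not the other. The function names and section labels are this example's own, and the sample lines are shortened excerpts from the posted PC1 and PC2 logs.

```python
import re

# Shortened excerpts from the PC1 and PC2 HijackThis logs posted above.
PC1_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
--
End of file - 6484 bytes
"""

PC2_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
--
End of file - 5739 bytes
"""

# Entry lines start with a section code (R0, O1, O23, ...) followed by " - ".
# Header lines and the bare paths under "Running processes:" do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")

# Labels for the section codes that occur in the excerpts (example's wording).
SECTIONS = {
    "R0": "IE start/search page",
    "O1": "hosts file override",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
}


def parse_entries(log_text):
    """Return [(code, body), ...] for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def hosts_overrides(entries):
    """Return [(ip, hostname), ...] from O1 lines, skipping localhost."""
    found = []
    for code, body in entries:
        if code != "O1":
            continue
        match = HOSTS_RE.match(body)
        if match and match.group("name").lower() != "localhost":
            found.append((match.group("ip"), match.group("name")))
    return found


def normalise(entry):
    """Compare entries case-insensitively and without quoting differences."""
    code, body = entry
    return code, body.replace('"', "").lower()


def only_in(first, second):
    """Entries of `first` with no equivalent in `second`, in log order."""
    seen = {normalise(e) for e in second}
    return [e for e in first if normalise(e) not in seen]


if __name__ == "__main__":
    pc1, pc2 = parse_entries(PC1_LOG), parse_entries(PC2_LOG)
    for ip, name in hosts_overrides(pc1):
        print(f"PC1 hosts override to verify: {name} -> {ip}")
    for label, entries in (("PC1", only_in(pc1, pc2)), ("PC2", only_in(pc2, pc1))):
        for code, body in entries:
            print(f"only on {label}: [{SECTIONS.get(code, code)}] {body}")
```

Entries that differ between machines are starting points for review, not verdicts; each one still has to be checked against what is supposed to be installed on that PC.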



## GIRLY1 (May 11, 2011)

Clicked on my Tech Support Guy favourites link today, stayed there for about 10 secs and then automatically got redirected to another website. 

Any of the experts (any from the UK - same time zone) free to help me out yet?

Thanks


----------



## Cookiegal (Aug 27, 2003)

My first question is why are you still on SP2 which is now unsupported and making your system vulnerable to infection? Do NOT install SP3 yet as doing so on an infected computer could cause serious issues.

Please do this for BOTH computers and post the logs, clearly identifying PC1 and PC2.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## GIRLY1 (May 11, 2011)

Was not aware that SP2 was outdated and had to be on SP3 (not sure what SP2 and SP3 are really), been using these for a while without any problems until recently.

*PC1*
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Akamai NetSession Interface
Broadcom 440x 10/100 Integrated Controller
CAM UnZip 4.42
CCleaner
CutePDF Writer 2.8
GIMP 2.6.8
GPL Ghostscript 8.71
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 16
Junkyard Adventures in Space
Letts Practise Maths Stage 1
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVC80_x86_v2
NETGEAR WG111v3 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton Internet Security
Norton Safe Web Lite
OpenOffice.org 3.1
PC Connectivity Solution
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype web features
Skype 4.1
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 2

*PC2*
725plc32
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AirPlus G
ANIO Service
ANIWZCS2 Service
ARTEuro
CinepPlayer 30 Update
Corel Paint Shop Pro X
Corel Photo Album 6
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Works 7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic Activation Module
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Windows Internet Explorer 8
Windows Media Format Runtime


----------



## Cookiegal (Aug 27, 2003)

I would normally wait until the end to recommend this but these versions of Java you're running are so outdated that they are a high security risk so you need to do this on both computers to get the latest version of Java installed.

Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:

Download the latest version of *Java Runtime Environment (JRE) 6 Update 25*.
You will see four options, Java, JavaFX, NetBeans and Java EE. Under the first one (Java) you will see two links, JDK and JRE. Click on the JRE link.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6u25 with JavaFX License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (*jre-6u25-windows-i586.exe*) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

These are the old versions of Java that need to be removed:

PC1:
Java(TM) 6 Update 16

PC2:
Java 2 Runtime Environment, SE v1.4.2_03

Once you've done that, please do the following for each computer:

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## GIRLY1 (May 11, 2011)

All done. The only thing that I could not do was to disable script blocking (searched everywhere in Norton for it). Then found this on the Norton community internet site:

*Re: Script Blocking*
10-07-2008 08:34 AM 
Norton products no longer have the "script blocking" feature that was previously in our products. There is no feature to disable.

Erik
Technical Product Manager
Symantec Corporation
____________________________________________________________________________________

DDS.txt copied and pasted below and Attach.txt, (not sure if that was to be copied and pasted or attached, so I've attached it.)

*PC1*
.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Administrator at 21:10:55.87 on 18/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.173 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...xAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\rw5ah8qh.default\
FF - prefs.js: browser.startup.homepage - hxxp://timeanddate.com/worldclock/city.html?n=136
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-11 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110430.001\BHDrvx86.sys [2011-5-11 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-11 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2003-7-16 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-11 130008]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-5-11 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110514.001\IDSXpx86.sys [2011-5-17 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110518.006\NAVENG.SYS [2011-5-18 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110518.006\NAVEX15.SYS [2011-5-18 1542392]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
.
=============== Created Last 30 ================
.
2011-05-18 19:33:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:33:24 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-18 19:33:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-17 20:26:47 -------- d-----w- C:\TYPED ROUTER
2011-05-11 13:02:11 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-11 13:02:10 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-11 13:02:10 -------- d-----w- c:\program files\Symantec
2011-05-11 13:02:10 -------- d-----w- c:\program files\common files\Symantec Shared
2011-05-11 13:01:51 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-05-11 13:01:50 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-05-11 13:01:50 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-05-11 13:01:50 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-05-11 13:01:49 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-05-11 13:01:49 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-05-11 13:01:49 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-05-11 13:01:49 136312 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-05-11 13:00:41 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-05-11 12:59:46 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-11 12:59:31 -------- d-----w- c:\program files\Norton Internet Security
2011-05-11 06:51:57 -------- d-----w- c:\windows\system32\drivers\nst\0102000.006
2011-05-11 06:51:57 -------- d-----w- c:\windows\system32\drivers\NST
2011-05-11 06:51:57 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-05-10 22:23:53 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\NPE
2011-05-10 22:17:34 -------- d-----w- c:\docume~1\admini~1\applic~1\Tific
2011-05-10 22:17:30 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Symantec
2011-05-06 13:46:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-06 08:25:11 -------- d-----w- C:\ROUTER
2011-05-05 07:43:35 -------- d-----w- C:\c9a418aa0213152fb9a6
2011-05-01 22:38:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-25 17:02:03 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 17:01:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-24 16:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-24 16:02:23 -------- d-----w- c:\program files\NortonInstaller
2011-04-24 16:02:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
.
==================== Find3M ====================
.
.
============= FINISH: 21:12:33.48 ===============

*PC2*
.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Admin at 21:49:37.17 on 18/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.70 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Security *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
svchost.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>] 
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-9 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110430.001\BHDrvx86.sys [2011-4-30 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-9 136312]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-9 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110514.001\IDSXpx86.sys [2011-5-17 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110518.006\NAVENG.SYS [2011-5-18 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110518.006\NAVEX15.SYS [2011-5-18 1542392]
.
=============== Created Last 30 ================
.
2011-05-18 19:49:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:49:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-13 11:07:27 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Adobe
2011-05-10 15:05:26 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-05-09 22:52:29 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-05-09 22:52:29 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-05-09 22:52:29 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-05-09 22:52:28 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-05-09 22:52:28 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-05-09 22:52:28 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-05-09 22:52:28 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-05-09 22:52:28 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-05-09 22:52:06 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-05-08 14:42:20 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Identities
2011-05-08 14:20:43 -------- d-----w- C:\surj
2011-05-06 21:09:50 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2011-05-06 21:09:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 21:09:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-06 21:09:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 21:09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-06 21:04:18 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2011-05-06 20:13:01 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2011-05-06 20:04:55 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2011-05-06 20:02:47 -------- d-----w- c:\windows\ie8updates
2011-05-06 20:00:24 -------- dc-h--w- c:\windows\ie8
2011-05-06 19:56:58 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-06 19:56:58 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-06 19:56:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-05-06 19:56:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-06 19:56:56 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-05-06 19:56:56 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-05-06 19:56:53 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-05-06 19:27:04 -------- d-----w- c:\windows\pss
2011-05-06 10:15:15 -------- d-----w- c:\windows\ServicePackFiles
2011-05-06 09:59:29 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-05-06 09:55:03 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-06 09:53:06 352640 ------w- c:\windows\system32\dllcache\srv.sys
2011-05-06 09:52:38 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-05-06 09:52:33 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-05-06 09:52:17 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-05-06 09:52:11 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-05-06 09:52:08 293376 ------w- c:\windows\system32\browserchoice.exe
2011-05-06 09:51:52 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-05-06 09:51:32 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-05-06 09:51:32 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-05-06 09:51:14 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-05-06 09:49:17 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-06 09:45:35 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-05-06 09:45:09 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-05-06 09:44:09 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-05-06 09:43:34 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-05-06 01:47:41 -------- d-----w- c:\windows\system32\PreInstall
2011-05-06 01:47:40 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-05-05 22:20:19 -------- d-sh--w- c:\documents and settings\admin\UserData
2011-05-05 20:35:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-05 20:35:20 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-05 20:35:20 -------- d-----w- c:\program files\Symantec
2011-05-05 20:35:20 -------- d-----w- c:\program files\common files\Symantec Shared
2011-05-05 20:34:35 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-05 20:34:25 -------- d-----w- c:\program files\Norton Internet Security
2011-05-05 20:34:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-05-05 20:22:37 -------- d-----w- c:\program files\NortonInstaller
2011-05-05 20:22:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-05-05 20:02:21 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-05-05 19:51:42 245504 ----a-w- c:\windows\system32\drivers\Dr71WU.sys
2011-05-05 19:51:41 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-05-05 19:51:41 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-05-05 19:51:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-05-05 19:51:41 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-05-05 19:51:41 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-05-05 19:51:37 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-05-05 19:51:37 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
.
==================== Find3M ====================
.
.
============= FINISH: 21:50:33.26 ===============


----------



## Cookiegal (Aug 27, 2003)

Would you please copy and paste the Attach.txt logs as per the instructions so that it's easier to refer to them.

Can you tell me what these are for on PC1?

C:\TYPED ROUTER
C:\ROUTER


----------



## Cookiegal (Aug 27, 2003)

Also, do you still have the TDSSKiller log? If it cured something please post it.


----------



## GIRLY1 (May 11, 2011)

Sorry about that. Please find pasted below Attach.txt.

C:\TYPED ROUTER and C:\ROUTER 
These are backup configs for my Netgear router that I did a couple of days ago, which I can delete if you want me to.

I have TDSSKiller logs for PC3 only (that is currently switched off and has not been used since around 24th April; I can submit these if you require) and not for PC1 or PC2.

*PC1*
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 29/12/2009 21:06:33
System Uptime: 18/05/2011 20:25:11 (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2393/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 26.512 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 24/04/2011 16:57:10 - System Checkpoint
RP2: 25/04/2011 18:38:07 - System Checkpoint
RP3: 28/04/2011 15:22:34 - System Checkpoint
RP4: 29/04/2011 21:45:39 - System Checkpoint
RP5: 01/05/2011 13:04:21 - FEB2011
RP6: 01/05/2011 13:07:53 - 3FEB2011
RP7: 02/05/2011 16:47:22 - System Checkpoint
RP8: 05/05/2011 18:49:02 - System Checkpoint
RP9: 06/05/2011 08:36:12 - Avg Update
RP10: 10/05/2011 20:43:14 - Avg Update
RP11: 10/05/2011 20:47:04 - Removed AVG Free 9.0
RP12: 10/05/2011 20:49:39 - Installed AVG Free 9.0
RP13: 10/05/2011 23:34:28 - Norton_Power_Eraser_20110510233422640
RP14: 12/05/2011 11:28:38 - System Checkpoint
RP15: 13/05/2011 17:24:12 - System Checkpoint
RP16: 16/05/2011 15:46:11 - System Checkpoint
RP17: 17/05/2011 15:50:39 - System Checkpoint
RP18: 18/05/2011 18:45:47 - System Checkpoint
RP19: 18/05/2011 20:20:08 - Removed Java(TM) 6 Update 16
RP20: 18/05/2011 20:31:53 - Installed Java(TM) 6 Update 25
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Akamai NetSession Interface
Broadcom 440x 10/100 Integrated Controller
CAM UnZip 4.42
CCleaner
CutePDF Writer 2.8
GIMP 2.6.8
Google Chrome
GPL Ghostscript 8.71
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 25
Junkyard Adventures in Space
Letts Practise Maths Stage 1
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVC80_x86_v2
NETGEAR WG111v3 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Internet Security
Norton Safe Web Lite
OpenOffice.org 3.1
PC Connectivity Solution
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype web features
Skype™ 4.1
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
WebFldrs XP
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 2
.
==== Event Viewer Messages From Past Week ========
.
18/05/2011 20:27:13, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
18/05/2011 17:43:47, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E2AB424D5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
17/05/2011 13:32:07, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 000D56571AAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
16/05/2011 14:58:55, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
13/05/2011 22:13:09, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/05/2011 10:24:23, error: Service Control Manager [7000] - The System Event Notification service failed to start due to the following error: All pipe instances are busy.
12/05/2011 10:01:39, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
12/05/2011 10:01:39, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
12/05/2011 09:59:29, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E2AB424D5 has been denied by the DHCP server 10.46.103.217 (The DHCP Server sent a DHCPNACK message).
11/05/2011 13:42:46, information: Windows File Protection [64004] - The protected system file regedt32.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.0 The specific error code is 0xfffffdda.
11/05/2011 08:11:08, information: Windows File Protection [64004] - The protected system file regedt32.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
11/05/2011 08:04:08, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
11/05/2011 07:56:45, error: PlugPlayManager [11] - The device Root\LEGACY_SMR162\0000 disappeared from the system without first being prepared for removal.
11/05/2011 07:48:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
.
==== End Of File ===========================

*PC2*
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 06/06/2010 21:02:57
System Uptime: 18/05/2011 20:47:24 (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 64.294 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 05/05/2011 20:53:12 - Installed AirPlus G
RP3: 05/05/2011 20:53:25 - Installed ANIO Service
RP4: 05/05/2011 20:53:34 - Installed ANIWZCS2 Service
RP5: 06/05/2011 02:47:31 - Software Distribution Service 3.0
RP6: 06/05/2011 11:04:30 - Software Distribution Service 3.0
RP7: 06/05/2011 20:57:34 - Software Distribution Service 3.0
RP8: 06/05/2011 21:01:20 - Installed Windows Internet Explorer 8.
RP9: 06/05/2011 21:02:12 - Software Distribution Service 3.0
RP10: 06/05/2011 21:52:11 - Removed Tiscali Internet
RP11: 06/05/2011 21:53:21 - Removed Wanadoo Europe Installer
RP12: 06/05/2011 22:54:56 - Software Distribution Service 3.0
RP13: 07/05/2011 23:26:37 - System Checkpoint
RP14: 08/05/2011 00:52:54 - Software Distribution Service 3.0
RP15: 08/05/2011 03:00:25 - Software Distribution Service 3.0
RP16: 09/05/2011 02:44:55 - Software Distribution Service 3.0
RP17: 10/05/2011 00:17:18 - Software Distribution Service 3.0
RP18: 10/05/2011 14:40:14 - Software Distribution Service 3.0
RP19: 10/05/2011 17:50:43 - Software Distribution Service 3.0
RP20: 11/05/2011 00:13:03 - Software Distribution Service 3.0
RP21: 12/05/2011 01:34:05 - Software Distribution Service 3.0
RP22: 12/05/2011 23:30:58 - Software Distribution Service 3.0
RP23: 14/05/2011 01:08:58 - Software Distribution Service 3.0
RP24: 14/05/2011 11:44:41 - Software Distribution Service 3.0
RP25: 14/05/2011 13:58:44 - Software Distribution Service 3.0
RP26: 14/05/2011 20:20:29 - Software Distribution Service 3.0
RP27: 15/05/2011 09:45:49 - Software Distribution Service 3.0
RP28: 15/05/2011 23:35:38 - Software Distribution Service 3.0
RP29: 16/05/2011 23:08:32 - Software Distribution Service 3.0
RP30: 17/05/2011 13:15:32 - Software Distribution Service 3.0
RP31: 17/05/2011 19:10:31 - Software Distribution Service 3.0
RP32: 18/05/2011 02:03:09 - Software Distribution Service 3.0
RP33: 18/05/2011 20:44:13 - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP34: 18/05/2011 20:48:47 - Installed Java(TM) 6 Update 25
.
==== Installed Programs ======================
.
725plc32
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AirPlus G
ANIO Service
ANIWZCS2 Service
ARTEuro
CinepPlayer 30 Update
Corel Paint Shop Pro X
Corel Photo Album 6
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Dell System Restore
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java Auto Updater
Java(TM) 6 Update 25
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Works 7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic Activation Module
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB891781
.
==== Event Viewer Messages From Past Week ========
.
18/05/2011 20:44:42, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
18/05/2011 01:11:02, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001E5895137D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Do the following for each of the computers please.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## GIRLY1 (May 11, 2011)

Quick question, before starting

My mouse and wireless adapter for PC1 and PC2 run off USB ports, will this be a problem?

Thanks


----------



## Cookiegal (Aug 27, 2003)

No, it won't interfere with those.


----------



## GIRLY1 (May 11, 2011)

I have a problem (PC2). I am getting a popup box warning from ComboFix as below

The above realtime scanner(s) are still active but the ComboFix shall continue to run. Kindly note that this is at your own risk.

I have checked everywhere and do not have McAfee running (I only have Norton AntiVirus, which I have disabled). I have tried to locate McAfee but cannot find it anywhere; there are no shortcuts or icons either on the desktop or in the bottom right-hand corner on the bar, and therefore I cannot disable it.

The only place that I could find reference to McAfee was in the Windows Security Centre under the heading Virus Protection.
McAfee VirusScan reports that it is up to date and Virus scanning is on. I have tried to turn this off but it does not allow me to do this. I have tried right clicking, left clicking, highlighting but it does not allow me to turn it off. Same goes for the Automatic Updates.

The Firewall in the Windows Security Centre is off.

Guidance required as to whether to continue or not, as the ComboFix popup box only has an OK button and no Cancel button. It does have a red X in the top right-hand corner of the popup box.

Thanks


----------



## Cookiegal (Aug 27, 2003)

Are you getting that on both computers? I only see this on PC2:

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

Did you try to uninstall McAfee Spam Killer recently?

Do you have any other McAfee products?


----------



## GIRLY1 (May 11, 2011)

I have started with PC2 and have not tried PC1 as yet.

I installed Norton recently as previously advised. And when installing Norton it requested that I had to uninstall McAfee.

No other McAfee products that I know of.


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

*O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall*

Then delete this folder if it still exists:

C:\Program Files\*McAfee*

Then reboot and try running ComboFix again.
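
An added example, not part of the original thread and not HijackThis's own code: the check done by eye in the two replies above, parsing the `O4` autorun lines of a HijackThis log and flagging entries whose target sits under the folder of a product that was supposed to be uninstalled. The sample lines are copied from the logs in this thread; the function names and the `removed_dirs` parameter are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# HijackThis appends "(User 'SYSTEM')" to entries read from other users' hives.
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_SPLIT = re.compile(
    r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|dll|scr))(?=\s|$)\s*(?P<args>.*)$",
    re.IGNORECASE,
)
UNINSTALL_SWITCH = re.compile(r"(?:^|\s)[/-]uninstall\b", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    exe: str
    args: str


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run command line into (executable path, arguments)."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    match = EXE_SPLIT.match(cmd)
    if match:
        return match.group("exe"), match.group("args").strip()
    return cmd, ""  # unknown shape: keep the whole string as the path


def parse_o4_run(log_text: str) -> List[RunEntry]:
    """Return every registry Run-style O4 entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if not match:
            continue  # other sections (R0, O2, O23, ...) are ignored here
        exe, args = split_command(match.group("cmd"))
        entries.append(
            RunEntry(match.group("hive"), match.group("key"),
                     match.group("name"), exe, args)
        )
    return entries


def flag_leftovers(log_text: str, removed_dirs: List[str]) -> List[Tuple[RunEntry, str]]:
    """Flag autorun entries whose target lies under a removed product's folder.

    removed_dirs is supplied by the analyst (an assumption of this example):
    install folders of products the user says were uninstalled.
    """
    findings = []
    for entry in parse_o4_run(log_text):
        exe = entry.exe.lower()
        for folder in removed_dirs:
            root = folder.lower().rstrip("\\") + "\\"
            if exe.startswith(root):
                reason = "autorun target under removed product folder " + folder
                if UNINSTALL_SWITCH.search(entry.args):
                    reason += "; command line carries an uninstall switch"
                findings.append((entry, reason))
                break
    return findings


if __name__ == "__main__":
    for entry, reason in flag_leftovers(SAMPLE_LOG, [r"C:\Program Files\McAfee"]):
        print(f"{entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.exe}: {reason}")
```

The script only reads a saved log; removing the flagged value is still done with "Fix Checked" in HijackThis as described above.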


----------



## GIRLY1 (May 11, 2011)

Carried out all your instructions, had to delete folder

C:\Program Files\McAfee 

Ran ComboFix again and popup box still advising that AntiVirus McAfee VirusScan still active.
Please disable these scanners before clicking OK.

Awaiting further instructions

Thanks


----------



## Cookiegal (Aug 27, 2003)

Please visit the following link and go to step 2 to download and run the McAfee Removal Tool. Please reboot the machine once you've run it and then try ComboFix again.

http://service.mcafee.com/FAQDocument.aspx?id=TS100507


----------



## GIRLY1 (May 11, 2011)

O.k. ComboFix is running on PC2.

I have just tried running Combofix on PC1 and this time it is advising that it has a problem with 
Norton Internet Security
even after I turned off AntiVirus, Antispyware and Smart Firewall.
I then proceeded to turn off all other settings, Intrusion Prevention, Email Protection, Identity Safe, Browser Protection, Safe Surfing and Download Intelligence.
Combofix still came back with 
The above realtime scanner(s) are still active but the ComboFix shall continue to run. Kindly note that this is at your own risk.

Guidance required. Thanks


----------



## GIRLY1 (May 11, 2011)

Please find pasted ComboFix and Hijackthis logs for

*PC2*

ComboFix 11-05-18.04 - Admin 19/05/2011 23:27:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.164 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\puppy.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-18 19:49 . 2011-05-18 19:49 -------- d-----w- c:\program files\Common Files\Java
2011-05-18 19:49 . 2011-05-18 19:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:49 . 2011-05-18 19:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-13 11:07 . 2011-05-13 11:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2011-05-13 11:07 . 2011-05-13 11:07 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-10 15:05 . 2004-08-03 22:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-05-08 14:42 . 2011-05-08 14:42 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
2011-05-08 14:20 . 2011-05-19 19:33 -------- d-----w- C:\surj
2011-05-06 21:09 . 2011-05-06 21:09 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-05-06 21:09 . 2011-05-06 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-06 21:09 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 21:09 . 2011-05-06 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-06 21:09 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 21:06 . 2011-05-06 21:06 -------- d-----w- c:\windows\Sun
2011-05-06 21:04 . 2011-05-06 21:04 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-05-06 20:13 . 2011-05-06 20:13 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2011-05-06 20:06 . 2011-05-06 20:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-06 20:04 . 2011-05-06 20:04 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2011-05-06 20:00 . 2011-05-06 20:01 -------- dc-h--w- c:\windows\ie8
2011-05-06 19:56 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-06 19:56 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-06 19:56 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-05-06 19:56 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-05-06 19:56 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-05-06 19:56 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-06 19:56 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-05-06 10:15 . 2011-05-06 10:15 -------- d-----w- c:\windows\ServicePackFiles
2011-05-06 09:59 . 2011-05-06 15:00 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-05-06 09:55 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-06 09:53 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys
2011-05-06 09:52 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-05-06 09:52 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-05-06 09:52 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-05-06 09:52 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-05-06 09:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-05-06 09:51 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-05-06 09:51 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-05-06 09:51 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-05-06 09:51 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-05-06 09:49 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-06 09:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-05-06 09:45 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-05-06 09:44 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-05-06 09:43 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-05-06 01:47 . 2009-01-07 17:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-05-05 22:20 . 2011-05-05 22:20 -------- d-sh--w- c:\documents and settings\Admin\UserData
2011-05-05 20:35 . 2011-05-09 22:52 -------- d-----w- c:\program files\Symantec
2011-05-05 20:35 . 2011-05-09 22:52 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-05 20:35 . 2011-05-09 22:52 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-05 20:35 . 2011-05-05 20:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-05 20:34 . 2011-05-10 08:58 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-05 20:34 . 2011-05-05 20:34 -------- d-----w- c:\program files\Norton Internet Security
2011-05-05 20:34 . 2011-05-05 20:34 -------- d-----w- c:\program files\Windows Sidebar
2011-05-05 20:34 . 2011-05-05 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-05-05 20:22 . 2011-05-05 20:22 -------- d-----w- c:\program files\NortonInstaller
2011-05-05 19:51 . 2005-11-03 19:39 245504 ----a-w- c:\windows\system32\drivers\Dr71WU.sys
2011-05-05 19:51 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-05-05 19:51 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-05-05 19:51 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-05-05 19:51 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-05-05 19:51 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-05-05 19:51 . 2011-05-05 19:51 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-05-05 19:51 . 2011-05-05 19:51 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-05-02 17:59 . 2011-05-02 17:59 -------- d-----w- c:\documents and settings\Admin\Application Data\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-27 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-27 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [09/05/2011 23:52 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [09/05/2011 23:52 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [18/05/2011 23:17 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [09/05/2011 23:52 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [09/05/2011 23:52 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/05/2011 10:59 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSXpx86.sys [19/05/2011 08:26 341944]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 23:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-05-19 23:38:18
ComboFix-quarantined-files.txt 2011-05-19 22:38
.
Pre-Run: 68,942,618,624 bytes free
Post-Run: 68,959,305,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 33AFC825E170A453768E3F7ACC06A37E

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:55:46, on 20/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 5700 bytes


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> O.k. ComboFix is running on PC2.
> 
> I have just tried running Combofix on PC1 and this time it is advising that it has a problem with
> Norton Internet Security
> ...


Is this the same version of NIS that is running on the other computer?


----------



## GIRLY1 (May 11, 2011)

Yes it is
Version : 18.6.0.29


----------



## Cookiegal (Aug 27, 2003)

OK, well let's hold off running ComboFix on that one for now.

I see you have installed MalwareBytes so please update it and then run a Full Scan on both PCs and post the logs back.


When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## GIRLY1 (May 11, 2011)

Please find below MBAM logs for both PCs

*PC1*
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6628
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
20/05/2011 18:23:47
mbam-log-2011-05-20 (18-23-47).txt
Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 190580
Time elapsed: 1 hour(s), 5 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

*PC2*

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6627
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
20/05/2011 17:32:57
mbam-log-2011-05-20 (17-32-57).txt
Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 159479
Time elapsed: 18 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Please do this on both as well and post the logs.

Please run the following on-line scanner:

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## GIRLY1 (May 11, 2011)

Ok all done

*PC1*
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=cd49e7ffbe23ad43a2c32a8016e65474
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-20 07:17:55
# local_time=2011-05-20 08:17:55 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 252 252 0 0
# scanned=42973
# found=0
# cleaned=0
# scan_time=2357

*PC2*
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=54f1ac06a4e3de44a082c4b490f5f2a3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-20 06:49:05
# local_time=2011-05-20 07:49:05 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777174 85 82 898316 9809045 0 0
# compatibility_mode=8192 67108863 100 0 305 305 0 0
# scanned=37532
# found=2
# cleaned=2
# scan_time=1114
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP36\A0003682.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


----------



## Cookiegal (Aug 27, 2003)

One last thing I want you to run on these two and then we can start working on the other one.

Please download *MBRCheck.exe* to your desktop.

Be sure to disable your security programs prior to running the tool. 
Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
_(Vista and Windows 7 users will have to confirm the UAC prompt)_
A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press *N* then press *Enter*.
Press *Enter* again to exit the program.
If nothing unusual is found, you will be shown the machine MBR status. Just press *Enter* to exit.
A text file named *MBRCheck_mm.dd.yy_hh.mm.ss* should appear on your desktop. Please post the contents of that file.


----------



## GIRLY1 (May 11, 2011)

OK All done

*PC1*
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 133):
Processes (total 37):
0 System Idle Process
4 System
416 C:\WINDOWS\system32\smss.exe
784 csrss.exe
808 C:\WINDOWS\system32\winlogon.exe
852 C:\WINDOWS\system32\services.exe
864 C:\WINDOWS\system32\lsass.exe
1016 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1296 svchost.exe
1416 svchost.exe
1664 C:\WINDOWS\system32\spoolsv.exe
1740 svchost.exe
1772 C:\WINDOWS\system32\svchost.exe
1816 C:\Program Files\Java\jre6\bin\jqs.exe
1840 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1864 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
1908 C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
1976 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
656 C:\WINDOWS\explorer.exe
788 C:\WINDOWS\system32\hkcmd.exe
1032 C:\Program Files\Analog Devices\Core\smax4pnp.exe
1248 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1340 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1488 C:\WINDOWS\system32\ctfmon.exe
464 C:\Program Files\Messenger\msmsgs.exe
720 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
2992 C:\WINDOWS\system32\svchost.exe
3260 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
3392 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
3492 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2832 C:\WINDOWS\system32\wuauclt.exe
3972 C:\Program Files\Internet Explorer\iexplore.exe
1964 C:\Program Files\Internet Explorer\iexplore.exe
1100 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
PhysicalDrive0 Model Number: Maxtor6E040L0, Rev: NAR61590
Size Device Name MBR Status
--------------------------------------------
38 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

*PC2*

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line: 
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 138):
Processes (total 41):
0 System Idle Process
4 System
552 C:\WINDOWS\system32\smss.exe
656 csrss.exe
804 C:\WINDOWS\system32\winlogon.exe
848 C:\WINDOWS\system32\services.exe
860 C:\WINDOWS\system32\lsass.exe
1024 C:\WINDOWS\system32\svchost.exe
1080 svchost.exe
1120 C:\WINDOWS\system32\svchost.exe
1180 svchost.exe
1244 svchost.exe
1528 C:\WINDOWS\explorer.exe
1692 C:\WINDOWS\system32\spoolsv.exe
1828 C:\Program Files\Analog Devices\Core\smax4pnp.exe
1844 C:\WINDOWS\system32\hkcmd.exe
1852 C:\WINDOWS\system32\igfxpers.exe
1868 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
1932 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1984 C:\Program Files\Real\RealPlayer\realplay.exe
2044 C:\Program Files\QuickTime\qttask.exe
160 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
188 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
204 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
240 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
264 C:\Program Files\Common Files\Java\Java Update\jusched.exe
292 C:\Program Files\Dell Support\DSAgnt.exe
652 svchost.exe
708 C:\Program Files\Java\jre6\bin\jqs.exe
972 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
1320 wdfmgr.exe
2916 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
3044 C:\WINDOWS\system32\svchost.exe
496 alg.exe
2328 C:\WINDOWS\system32\svchost.exe
1412 C:\WINDOWS\system32\ctfmon.exe
3628 C:\WINDOWS\system32\wuauclt.exe
3992 C:\Program Files\Internet Explorer\iexplore.exe
956 C:\Program Files\Internet Explorer\iexplore.exe
3180 C:\WINDOWS\system32\wscntfy.exe
2316 C:\Documents and Settings\Admin\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
PhysicalDrive0 Model Number: WDCWD800BB-75JHC0, Rev: 06.01C06
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Done!


----------



## Cookiegal (Aug 27, 2003)

What is the brand name, make and model of PC1 and PC2?


----------



## GIRLY1 (May 11, 2011)

PC1 - DELL Dimension 2400
PC2 - DELL Dimension 1100


----------



## Cookiegal (Aug 27, 2003)

Please do this for both PCs.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## GIRLY1 (May 11, 2011)

*PC1*

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-20 22:29:13
-----------------------------
22:29:13.656 OS Version: Windows 5.1.2600 Service Pack 2
22:29:13.656 Number of processors: 1 586 0x209
22:29:13.656 ComputerName: DELLRICE UserName: 
22:29:14.687 Initialize success
22:29:48.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:29:48.921 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
22:29:50.953 Disk 0 MBR read successfully
22:29:50.968 Disk 0 MBR scan
22:29:50.968 Disk 0 Windows XP default MBR code
22:29:52.968 Disk 0 scanning sectors +80276805
22:29:53.000 Disk 0 scanning C:\WINDOWS\system32\drivers
22:30:06.703 Service scanning
22:30:09.046 Disk 0 trace - called modules:
22:30:09.078 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
22:30:09.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82389ab8]
22:30:09.093 3 CLASSPNP.SYS[f857805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8236fb00]
22:30:09.093 Scan finished successfully
22:30:26.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:30:26.593 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

*PC2*

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-20 22:33:03
-----------------------------
22:33:03.781 OS Version: Windows 5.1.2600 Service Pack 2
22:33:03.781 Number of processors: 1 586 0x401
22:33:03.781 ComputerName: D6KLM72J UserName: Admin
22:33:04.640 Initialize success
22:33:08.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:33:08.406 Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
22:33:10.421 Disk 0 MBR read successfully
22:33:10.421 Disk 0 MBR scan
22:33:10.421 Disk 0 unknown MBR code
22:33:12.421 Disk 0 scanning sectors +156232125
22:33:12.437 Disk 0 scanning C:\WINDOWS\system32\drivers
22:33:18.218 Service scanning
22:33:19.312 Disk 0 trace - called modules:
22:33:19.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
22:33:19.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823dcab8]
22:33:19.312 3 CLASSPNP.SYS[f857905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823ddb00]
22:33:19.312 Scan finished successfully
22:33:50.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
22:33:50.171 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

The one for PC2 is missing.


----------



## GIRLY1 (May 11, 2011)

You are too fast for me, was in the middle of copy and pasting when you replied. )


----------



## Cookiegal (Aug 27, 2003)

Sorry. I know it's getting late for you over there. 

The last tool I had you run created a backup of the MBR on your desktop. I would like you to do the following with that file on PC2 only.

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
C:\Documents and Settings\Admin\Desktop\MBR.dat
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------
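An added example, not part of the original thread and not code from MBRCheck or aswMBR: an offline look at a saved 512-byte MBR sector such as the `MBR.dat` backup mentioned above. It checks the boot signature and partition table and hashes only the boot-code bytes, so two machines can be compared regardless of disk signature or partition layout. The sample sector is constructed (its NTFS start LBA is chosen to match the `0x01f60800` offset in the PC2 MBRCheck log), all function names are hypothetical, and whether the SHA1 printed by MBRCheck covers the same bytes is not known from the page.

```python
"""Offline triage of a saved 512-byte MBR sector (for example an MBR.dat backup)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
DISK_SIG_OFF = 440       # bytes 440-443: Windows NT disk signature
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511

PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
              0x0F: "Extended (LBA)", 0xDE: "Dell Utility", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode the fixed MBR layout; only the first 512 bytes are used."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    sector = bytes(sector[:SECTOR_SIZE])
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:            # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": slot, "status": status, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "boot_sig_ok": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest(),
        "boot_code_blank": not any(boot_code),
        "partitions": partitions,
    }


def triage(mbr):
    """Return structural findings; an empty list means the layout is sane,
    not that the boot code is clean."""
    findings = []
    if not mbr["boot_sig_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_blank"]:
        findings.append("boot code area is all zeros")
    parts = mbr["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def build_sample_mbr(boot_code, disk_sig, entries):
    """Build a CONSTRUCTED sector; entries are (status, type, lba, count)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for slot, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * slot
        sector[off], sector[off + 4] = status, ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample data, not taken from either PC in the thread.
SAMPLE_BOOT_CODE = bytes(range(1, 101))
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, 0x12345678, [
    (0x00, 0xDE, 63, 64197),            # small partition ahead of C:
    (0x80, 0x07, 64260, 156167865),     # NTFS at 64260 * 512 = 0x01f60800
])

if __name__ == "__main__":
    # Pass the path of a saved sector to inspect it; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_MBR
    info = parse_mbr(data)
    print("boot code SHA-1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("slot %(slot)d type 0x%(type)02x (%(type_name)s) "
              "starts at byte 0x%(byte_offset)x" % p)
    for finding in triage(info) or ["no structural findings"]:
        print("finding:", finding)
```

A clean result here only says the sector is well formed; deciding whether unfamiliar boot code is benign still needs a comparison against a known-good copy for that vendor and OS.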



## GIRLY1 (May 11, 2011)

No need to be sorry, can stay up all night if necessary. And just glad and appreciate all your help on this. Haven't a clue what you are getting me to do, you lost me way at the beginning but happy to follow your instructions.

*PC2*

http://www.virustotal.com/file-scan...658b8a6670237023c61bdb6109d4eab14d-1305927600


----------



## Cookiegal (Aug 27, 2003)

The link shows the file is still in the queue so you have to wait for the results. If that one takes too long, try this one:

http://virusscan.jotti.org/


----------



## Cookiegal (Aug 27, 2003)

I would also like you to do this on both PCs:

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## GIRLY1 (May 11, 2011)

The VirusTotal advised that the current status was finished.

I have run the Virusscan jotti

http://virusscan.jotti.org/en-gb/scanresult/6df0fee717ac0da0ef7dfa72b47fb0e48e4bff0a


----------



## Cookiegal (Aug 27, 2003)

That one didn't run right either.

Can you give me the link to the Virus Total one that shows it's finished please?


----------



## GIRLY1 (May 11, 2011)

OK GMER logs all done

*PC1*

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-21 00:44:47
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: 2ie7txmn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtcapod.sys

---- System - GMER 1.0.15 ----
SSDT 81C8E590 ZwAlertResumeThread
SSDT 81C8E670 ZwAlertThread
SSDT 81C653B8 ZwAllocateVirtualMemory
SSDT 82099868 ZwAssignProcessToJobObject
SSDT 81FB4290 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEF52D710]
SSDT 81C65F00 ZwCreateMutant
SSDT 81C61100 ZwCreateSymbolicLinkObject
SSDT 81C19118 ZwCreateThread
SSDT 82097ED0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEF52D990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEF52DEF0]
SSDT 81E74ED0 ZwDuplicateObject
SSDT 81BA82B0 ZwFreeVirtualMemory
SSDT 81C65FD0 ZwImpersonateAnonymousToken
SSDT 8201CF48 ZwImpersonateThread
SSDT 81E9FE38 ZwLoadDriver
SSDT 81E90FB0 ZwMapViewOfSection
SSDT 81C63F90 ZwOpenEvent
SSDT 81AFE2D8 ZwOpenProcess
SSDT 81FD6A00 ZwOpenProcessToken
SSDT 8209D620 ZwOpenSection
SSDT 81E74FC0 ZwOpenThread
SSDT 82099778 ZwProtectVirtualMemory
SSDT 81E5E888 ZwResumeThread
SSDT 81E60890 ZwSetContextThread
SSDT 81E60970 ZwSetInformationProcess
SSDT 82097F90 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEF52E140]
SSDT 81C63ED0 ZwSuspendProcess
SSDT 81E5E968 ZwSuspendThread
SSDT 81C83118 ZwTerminateProcess
SSDT 82088840 ZwTerminateThread
SSDT 81E90ED0 ZwUnmapViewOfSection
SSDT 81C652C8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 384 804E29F0 4 Bytes [88, E8, E5, 81] {MOV AL, CH; IN EAX, 0x81}
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7900F80]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1
---- EOF - GMER 1.0.15 ----

*PC2*
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-21 00:46:26
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75JHC0 rev.06.01C06
Running: uyxz5p18.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awdyapod.sys

---- System - GMER 1.0.15 ----
SSDT 81C653E0 ZwAlertResumeThread
SSDT 819221F0 ZwAlertThread
SSDT 81A6C1F0 ZwAllocateVirtualMemory
SSDT 81ECA238 ZwAssignProcessToJobObject
SSDT 81E77108 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFCD6710]
SSDT 81A531F0 ZwCreateMutant
SSDT 820294F8 ZwCreateSymbolicLinkObject
SSDT 81EDF8E0 ZwCreateThread
SSDT 81F62830 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEFCD6990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFCD6EF0]
SSDT 81A6A1F0 ZwDuplicateObject
SSDT 81F3B1F8 ZwFreeVirtualMemory
SSDT 81ED3D90 ZwImpersonateAnonymousToken
SSDT 81F5FDF0 ZwImpersonateThread
SSDT 81F914C0 ZwLoadDriver
SSDT 81EDC3B8 ZwMapViewOfSection
SSDT 81A72200 ZwOpenEvent
SSDT 82060D58 ZwOpenProcess
SSDT 81A66200 ZwOpenProcessToken
SSDT 81A14200 ZwOpenSection
SSDT 81A891F0 ZwOpenThread
SSDT 81ECA168 ZwProtectVirtualMemory
SSDT 81C71250 ZwResumeThread
SSDT 81C577E8 ZwSetContextThread
SSDT 8201DBD0 ZwSetInformationProcess
SSDT 820141D0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFCD7140]
SSDT 81F80B58 ZwSuspendProcess
SSDT 82032AB0 ZwSuspendThread
SSDT 81EC2408 ZwTerminateProcess
SSDT 81C577B0 ZwTerminateThread
SSDT 81F80710 ZwUnmapViewOfSection
SSDT 81F19DE0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 3A0 804E2A0C 4 Bytes CALL C2CFEF88 
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8011F80]
? C:\DOCUME~1\Admin\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

On PC1 please do the following:

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
C:\Windows\Systeme32\regedt32.exe
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## Cookiegal (Aug 27, 2003)

Also, please provide the link to the scan result for the previous one I had you check:

C:\Documents and Settings\Admin\Desktop\MBR.dat


----------



## GIRLY1 (May 11, 2011)

My partner did a stupid thing this morning when PC2 was switched on, he got a popup box from Adobe advising to install the latest Adobe Flash Player version. He continued to download the latest version which is Adobe Flash Player 10.3.181.14.

All seemed fine but when trying to play a song on youtube, it did not play at the correct speed. It was like if the song was playing in slower motion and took longer than normal to play and finish. I tried playing a news item and got the same result, slower. When switching off and on the PC, the Windows 4 tone note was also slow. 
Don't know how to fix that now, another thing to fix.

Before this download everything was working fine with songs etc.

I'm so sorry for this, I hope this will not interfere with what we are doing.


----------



## Cookiegal (Aug 27, 2003)

OK, it shouldn't have caused any problems doing that but we'll see if we can't fix that as well. I'll wait for you to carry out the last tasks and reply back.


----------



## GIRLY1 (May 11, 2011)

Link for scan on PC2 is

http://www.virustotal.com/file-scan/...14d-1305927600


----------



## GIRLY1 (May 11, 2011)

Can you just clarify the filename, should it be 

C:\Windows\System32\regedt32.exe

and not 

C:\Windows\Systeme32\regedt32.exe

As this one does not work

Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes, I'm sorry, that was a typo on my part.


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> Link for scan on PC2 is
> 
> http://www.virustotal.com/file-scan/...14d-1305927600


This link is truncated and doesn't work. You need to post the full link please.


----------



## GIRLY1 (May 11, 2011)

Cookiegal said:


> This link is truncated and doesn't work. You need to post the full link please.


Sorry..I do not have the link in full anymore. I can re-run it


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> Sorry..I do not have the link in full anymore. I can re-run it


Yes, please do.


----------



## Cookiegal (Aug 27, 2003)

I would also like you to check the Event Viewer on PC2 for errors, as follows:

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## GIRLY1 (May 11, 2011)

Virus Total Scan for *PC1*

http://www.virustotal.com/file-scan...0cd250f2e28f41f4cb7371af3148b6163f-1306005189


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> Virus Total Scan for *PC1*
> 
> http://www.virustotal.com/file-scan...0cd250f2e28f41f4cb7371af3148b6163f-1306005189


Again it's still queued and not finished. You have to wait for it to finish and give the result before sending the URL please.


----------



## GIRLY1 (May 11, 2011)

I wish you could see what I am seeing as it is advising that the current status is finished. I did wait for it to finish before submitting URL.

Do you know how long this usually takes to run? 

I have run the Virus Total scan on PC2 and that has after analysis now finished. (Approx 3-4 minutes)

It also looks like as soon as I post it here it pastes in full but then truncates it as soon as I click Post Quick Reply.

I have put a quote at the beginning of the URL this time so that you can see it in full.

'http://www.virustotal.com/file-scan/report.html?id=520e33be38e0bad2d0857a312178da658b8a6670237023c61bdb6109d4eab14d-1306005041

Maybe I'm doing something wrong but I do wait until they are finished before submitting.


----------



## GIRLY1 (May 11, 2011)

Event Viewer Errors Logs for *PC2*

APPLICATION Errors

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 16/05/2011
Time: 08:26:33
User: N/A
Computer: D6KLM72J
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

SYSTEM Errors

Event Type: Error
Event Source: atapi
Event Category: None
Event ID: 9
Date: 20/05/2011
Time: 23:45:47
User: N/A
Computer: D6KLM72J
Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: atapi
Event Category: None
Event ID: 9
Date: 20/05/2011
Time: 23:45:06
User: N/A
Computer: D6KLM72J
Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 18/05/2011
Time: 20:44:53
User: N/A
Computer: D6KLM72J
Description:
The Application Management service terminated with the following error: 
The specified module could not be found. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 18/05/2011
Time: 01:11:02
User: N/A
Computer: D6KLM72J
Description:
The IP address lease 192.168.0.3 for the Network Card with network address 001E5895137D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

The links will truncate if they're too long but when you hover over them the full link should appear at the bottom of your browser's page but if you see a series of dots then it doesn't work. That's usually when someone has copied a truncated link as it appears on the board.

Anyway, try uploading them to Jotti's instead:

http://virusscan.jotti.org/


----------



## GIRLY1 (May 11, 2011)

Jottis scans

*PC1*

'http://virusscan.jotti.org/en-gb/scanresult/6541855b1c3ba0dd991035a156a8af106afb2d28

*PC2*

'http://virusscan.jotti.org/en-gb/scanresult/4bb97e2ae1dba26c1af352ef6d7b21d988cf2304


----------



## Cookiegal (Aug 27, 2003)

They both say acquiring previous results but I need them to scan your file. Was there an option to "scan again"?


----------



## GIRLY1 (May 11, 2011)

Yes there was an option to scan again and I did

*PC1*

'http://virusscan.jotti.org/en-gb/scanresult/6541855b1c3ba0dd991035a156a8af106afb2d28/a7e76836b4159077f9ac809c163419bab7d3c47a
This file has been scanned before. The results for this previous scan are listed below.

--------------------------------------------------------------------------------

Filename: regedt32.exe 
Status: Scan finished. 0 out of 20 scanners reported malware. 
Scan taken on: Sat 21 May 2011 22:05:05 (CET) Permalink

*PC2*

'http://virusscan.jotti.org/en-gb/scanresult/4bb97e2ae1dba26c1af352ef6d7b21d988cf2304/f9afdb3a6f6479329d91cce5da775c8482541f5c
This file has been scanned before. The results for this previous scan are listed below.

--------------------------------------------------------------------------------

Filename: MBR.dat 
Status: Scan finished. 0 out of 20 scanners reported malware. 
Scan taken on: Sat 21 May 2011 22:13:49 (CET) Permalink


----------



## GIRLY1 (May 11, 2011)

I'll scan them again once again and post results


----------



## GIRLY1 (May 11, 2011)

*PC1*

'http://virusscan.jotti.org/en-gb/scanresult/a7e76836b4159077f9ac809c163419bab7d3c47a
Filename: regedt32.exe 
Status: Scan finished. 0 out of 19 scanners reported malware. 
Scan taken on: Sun 22 May 2011 02:12:43 (CET) Permalink

*PC2*


'http://virusscan.jotti.org/en-gb/scanresult/f9afdb3a6f6479329d91cce5da775c8482541f5c
Filename: MBR.dat 
Status: Scan finished. 0 out of 19 scanners reported malware. 
Scan taken on: Sun 22 May 2011 02:15:38 (CET) Permalink


----------



## Cookiegal (Aug 27, 2003)

Did you get this message again?

"_This file has been scanned before. The results for this previous scan are listed below_."

If you see that message, you have to press the Scan again button, so your file will be scanned.


----------



## GIRLY1 (May 11, 2011)

Yes, I clicked on the scan again button. All in all I have scanned them 3 times now.


----------



## Cookiegal (Aug 27, 2003)

Rather than posting the URL please copy and paste the results that you're seeing. You should see results for each of the anti-virus company scanners listed (about 20 of them).


----------



## GIRLY1 (May 11, 2011)

All done, I've done it on both Virus total and Jotti.

*PC1 - Virus Total*
'http://www.virustotal.com/file-scan/report.html?id=db6aef6ee3e98498dccc554a876fe70cd250f2e28f41f4cb7371af3148b6163f-1306078634
File name: regedt32.exe
Submission date: 2011-05-22 15:37:14 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result 
AhnLab-V3 2011.05.23.00 2011.05.22 - 
AntiVir 7.11.8.89 2011.05.21 - 
Antiy-AVL 2.0.3.7 2011.05.22 - 
Avast 4.8.1351.0 2011.05.22 - 
Avast5 5.0.677.0 2011.05.22 - 
AVG 10.0.0.1190 2011.05.22 - 
BitDefender 7.2 2011.05.22 - 
CAT-QuickHeal 11.00 2011.05.22 - 
ClamAV 0.97.0.0 2011.05.22 - 
Commtouch 5.3.2.6 2011.05.22 - 
Comodo 8794 2011.05.22 - 
DrWeb 5.0.2.03300 2011.05.22 - 
Emsisoft 5.1.0.5 2011.05.22 - 
eSafe 7.0.17.0 2011.05.19 - 
eTrust-Vet 36.1.8339 2011.05.20 - 
F-Prot 4.6.2.117 2011.05.22 - 
F-Secure 9.0.16440.0 2011.05.22 - 
Fortinet 4.2.257.0 2011.05.22 - 
GData 22 2011.05.22 - 
Ikarus T3.1.1.104.0 2011.05.22 - 
Jiangmin 13.0.900 2011.05.22 - 
K7AntiVirus 9.103.4693 2011.05.20 - 
Kaspersky 9.0.0.837 2011.05.22 - 
McAfee 5.400.0.1158 2011.05.22 - 
McAfee-GW-Edition 2010.1D 2011.05.21 - 
Microsoft 1.6903 2011.05.22 - 
NOD32 6142 2011.05.22 - 
Norman 6.07.07 2011.05.22 - 
nProtect 2011-05-22.01 2011.05.22 - 
Panda 10.0.3.5 2011.05.22 - 
PCTools 7.0.3.5 2011.05.19 - 
Prevx 3.0 2011.05.22 - 
Rising 23.58.06.03 2011.05.22 - 
Sophos 4.65.0 2011.05.22 - 
SUPERAntiSpyware 4.40.0.1006 2011.05.22 - 
Symantec 20111.1.0.186 2011.05.22 - 
TheHacker 6.7.0.1.202 2011.05.20 - 
TrendMicro 9.200.0.1012 2011.05.22 - 
TrendMicro-HouseCall 9.200.0.1012 2011.05.22 - 
VBA32 3.12.16.0 2011.05.20 - 
VIPRE 9355 2011.05.22 - 
ViRobot 2011.5.21.4472 2011.05.22 - 
VirusBuster 13.6.367.0 2011.05.22 -

*PC1 - Jotti*

'http://virusscan.jotti.org/en-gb/scanresult/05a6af00f6ee408cc76770a358246c447689fbc3
Filename: regedt32.exe 
Status: Scan finished. 0 out of 19 scanners reported malware. 
Scan taken on: Sun 22 May 2011 17:56:26 (CET) Permalink

2011-05-22 Found nothing 2011-05-21 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
Scanner unavailable 2011-05-22 Found nothing 
2011-05-21 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-20 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing

*PC2 - Virus Total*

'http://www.virustotal.com/file-scan/report.html?id=520e33be38e0bad2d0857a312178da658b8a6670237023c61bdb6109d4eab14d-1306079729
File name: MBR.dat
Submission date: 2011-05-22 15:55:29 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result 
AhnLab-V3 2011.05.23.00 2011.05.22 - 
AntiVir 7.11.8.89 2011.05.21 - 
Antiy-AVL 2.0.3.7 2011.05.22 - 
Avast 4.8.1351.0 2011.05.22 - 
Avast5 5.0.677.0 2011.05.22 - 
AVG 10.0.0.1190 2011.05.22 - 
BitDefender 7.2 2011.05.22 - 
CAT-QuickHeal 11.00 2011.05.22 - 
ClamAV 0.97.0.0 2011.05.22 - 
Commtouch 5.3.2.6 2011.05.22 - 
Comodo 8794 2011.05.22 - 
DrWeb 5.0.2.03300 2011.05.22 - 
Emsisoft 5.1.0.5 2011.05.22 - 
eSafe 7.0.17.0 2011.05.19 - 
eTrust-Vet 36.1.8339 2011.05.20 - 
F-Prot 4.6.2.117 2011.05.22 - 
F-Secure 9.0.16440.0 2011.05.22 - 
Fortinet 4.2.257.0 2011.05.22 - 
GData 22 2011.05.22 - 
Ikarus T3.1.1.104.0 2011.05.22 - 
Jiangmin 13.0.900 2011.05.22 - 
K7AntiVirus 9.103.4693 2011.05.20 - 
Kaspersky 9.0.0.837 2011.05.22 - 
McAfee 5.400.0.1158 2011.05.22 - 
McAfee-GW-Edition 2010.1D 2011.05.21 - 
Microsoft 1.6903 2011.05.22 - 
NOD32 6142 2011.05.22 - 
Norman 6.07.07 2011.05.22 - 
nProtect 2011-05-22.01 2011.05.22 - 
Panda 10.0.3.5 2011.05.22 - 
PCTools 7.0.3.5 2011.05.19 - 
Prevx 3.0 2011.05.22 - 
Rising 23.58.06.03 2011.05.22 - 
Sophos 4.65.0 2011.05.22 - 
SUPERAntiSpyware 4.40.0.1006 2011.05.22 - 
Symantec 20111.1.0.186 2011.05.22 - 
TheHacker 6.7.0.1.202 2011.05.20 - 
TrendMicro 9.200.0.1012 2011.05.22 - 
TrendMicro-HouseCall 9.200.0.1012 2011.05.22 - 
VBA32 3.12.16.0 2011.05.20 - 
VIPRE 9355 2011.05.22 - 
ViRobot 2011.5.21.4472 2011.05.22 - 
VirusBuster 13.6.367.0 2011.05.22 -

*PC2 - Jotti*

'http://virusscan.jotti.org/en-gb/scanresult/300714f07aa68228eccbd17742fc499aa5b47f81
Filename: MBR.dat 
Status: Scan finished. 0 out of 19 scanners reported malware. 
Scan taken on: Sun 22 May 2011 18:09:08 (CET) Permalink 
Scanners
2011-05-22 Found nothing 2011-05-21 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
Scanner unavailable 2011-05-22 Found nothing 
2011-05-21 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing 
2011-05-22 Found nothing 2011-05-20 Found nothing 
2011-05-22 Found nothing 2011-05-22 Found nothing
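
Added example, not part of the original posts: the VirusTotal report links in this thread carry a 64-hex-digit file hash and a Unix timestamp in the `id` parameter (the suffix 1306078634 decodes to the 2011-05-22 15:37:14 UTC submission date shown in the report above). The sketch below parses such links, flags the ones the board shortened with "...", and checks whether the surviving hash tail is consistent with a full link posted later; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Links as they appear in the thread: two shortened by the board ("..."),
# then the two full report links posted later.
THREAD_LINKS = [
    "http://www.virustotal.com/file-scan/...14d-1305927600",
    "http://www.virustotal.com/file-scan...0cd250f2e28f41f4cb7371af3148b6163f-1306005189",
    "'http://www.virustotal.com/file-scan/report.html?id="
    "520e33be38e0bad2d0857a312178da658b8a6670237023c61bdb6109d4eab14d-1306079729",
    "'http://www.virustotal.com/file-scan/report.html?id="
    "db6aef6ee3e98498dccc554a876fe70cd250f2e28f41f4cb7371af3148b6163f-1306078634",
]

# Full id: 64 hex digits (SHA-256 length), a dash, a 10-digit Unix timestamp.
FULL_ID = re.compile(r"^([0-9a-f]{64})-(\d{10})$")
# What survives of a shortened link: the end of the hash and the timestamp.
TAIL = re.compile(r"\.\.\.([0-9a-f]+)-(\d{10})$")


def _utc(epoch):
    """Format a Unix timestamp as a UTC date and time."""
    stamp = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return stamp.strftime("%Y-%m-%d %H:%M:%S")


def parse_report_link(url):
    """Classify one posted link as 'full', 'truncated' or 'unrecognised'."""
    # The poster prefixed a quote character to stop the board shortening the link.
    url = url.strip().lstrip("'")
    if "..." in url:
        m = TAIL.search(url.lower())
        if m:
            return {"status": "truncated",
                    "sha256_tail": m.group(1),
                    "submitted": _utc(m.group(2))}
        return {"status": "unrecognised"}
    ids = parse_qs(urlparse(url).query).get("id", [""])
    m = FULL_ID.match(ids[0].lower())
    if m:
        return {"status": "full",
                "sha256": m.group(1),
                "submitted": _utc(m.group(2))}
    return {"status": "unrecognised"}


def triage(links):
    """Parse every link and pair each truncated one with matching full hashes."""
    records = [parse_report_link(u) for u in links]
    known = [r["sha256"] for r in records if r["status"] == "full"]
    for r in records:
        if r["status"] == "truncated":
            # A short tail such as "14d" is weak evidence; a long one is strong.
            r["candidates"] = [h for h in known if h.endswith(r["sha256_tail"])]
    return records


if __name__ == "__main__":
    for rec in triage(THREAD_LINKS):
        detail = rec.get("sha256") or rec.get("candidates")
        print(rec["status"], rec.get("submitted", "-"), detail)
```

A truncated link cannot be opened, but its tail still shows which file and which submission it referred to, which is enough to tell a stale report from a fresh rescan.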


----------



## Cookiegal (Aug 27, 2003)

OK, the Virus Total ones are rendering correctly now so those files are fine.

Please run TDSSKiller on both PC1 and PC2. If that's clear then we can start working on the other one.

http://support.kaspersky.com/viruses/solutions?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.


----------



## GIRLY1 (May 11, 2011)

All done on both, nothing found on both

*PC1 - TDSSKiller log*

2011/05/22 17:52:08.0359 1280 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 17:52:10.0375 1280 ================================================================================
2011/05/22 17:52:10.0375 1280 SystemInfo:
2011/05/22 17:52:10.0375 1280 
2011/05/22 17:52:10.0375 1280 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/22 17:52:10.0375 1280 Product type: Workstation
2011/05/22 17:52:10.0375 1280 ComputerName: DELLRICE
2011/05/22 17:52:10.0375 1280 UserName: Administrator
2011/05/22 17:52:10.0375 1280 Windows directory: C:\WINDOWS
2011/05/22 17:52:10.0375 1280 System windows directory: C:\WINDOWS
2011/05/22 17:52:10.0375 1280 Processor architecture: Intel x86
2011/05/22 17:52:10.0375 1280 Number of processors: 1
2011/05/22 17:52:10.0375 1280 Page size: 0x1000
2011/05/22 17:52:10.0375 1280 Boot type: Normal boot
2011/05/22 17:52:10.0375 1280 ================================================================================
2011/05/22 17:52:13.0000 1280 Initialize success
2011/05/22 17:52:19.0937 2520 ================================================================================
2011/05/22 17:52:19.0937 2520 Scan started
2011/05/22 17:52:19.0937 2520 Mode: Manual; 
2011/05/22 17:52:19.0937 2520 ================================================================================
2011/05/22 17:52:21.0906 2520 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/22 17:52:22.0078 2520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/22 17:52:22.0312 2520 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/05/22 17:52:22.0484 2520 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/22 17:52:22.0671 2520 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/22 17:52:23.0593 2520 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/22 17:52:23.0765 2520 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/22 17:52:23.0984 2520 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/22 17:52:24.0156 2520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/22 17:52:24.0343 2520 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/22 17:52:24.0484 2520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/22 17:52:24.0765 2520 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
2011/05/22 17:52:25.0031 2520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/22 17:52:25.0187 2520 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/22 17:52:25.0468 2520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/22 17:52:25.0656 2520 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/22 17:52:25.0828 2520 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/22 17:52:26.0531 2520 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/22 17:52:26.0703 2520 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/22 17:52:26.0890 2520 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/22 17:52:27.0062 2520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/22 17:52:27.0234 2520 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/22 17:52:27.0437 2520 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/22 17:52:27.0578 2520 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2011/05/22 17:52:27.0750 2520 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/22 17:52:27.0937 2520 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/22 17:52:28.0171 2520 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/22 17:52:28.0343 2520 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/22 17:52:28.0531 2520 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/05/22 17:52:28.0703 2520 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/22 17:52:28.0859 2520 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/22 17:52:29.0062 2520 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/22 17:52:29.0250 2520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/22 17:52:29.0343 2520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/22 17:52:29.0500 2520 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/22 17:52:29.0671 2520 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/22 17:52:29.0859 2520 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/22 17:52:30.0281 2520 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/22 17:52:30.0453 2520 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/22 17:52:30.0828 2520 IDSxpx86 (50fa4c70534cf3b5c17ec83debe07afd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSxpx86.sys
2011/05/22 17:52:31.0046 2520 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/22 17:52:31.0359 2520 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/22 17:52:31.0500 2520 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/22 17:52:31.0609 2520 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/22 17:52:31.0781 2520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/22 17:52:31.0937 2520 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/22 17:52:32.0062 2520 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/22 17:52:32.0203 2520 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/22 17:52:32.0343 2520 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/22 17:52:32.0484 2520 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/22 17:52:32.0703 2520 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/22 17:52:32.0875 2520 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/22 17:52:33.0109 2520 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/22 17:52:33.0312 2520 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/22 17:52:33.0656 2520 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/05/22 17:52:33.0875 2520 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/05/22 17:52:34.0078 2520 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/05/22 17:52:34.0500 2520 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/05/22 17:52:34.0859 2520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/22 17:52:35.0109 2520 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/22 17:52:35.0296 2520 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/22 17:52:35.0406 2520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/22 17:52:35.0593 2520 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/22 17:52:35.0812 2520 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/22 17:52:35.0968 2520 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/22 17:52:36.0265 2520 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/22 17:52:36.0453 2520 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/22 17:52:36.0609 2520 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/22 17:52:36.0765 2520 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/22 17:52:36.0906 2520 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/22 17:52:37.0125 2520 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/22 17:52:37.0312 2520 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/22 17:52:37.0484 2520 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/22 17:52:37.0781 2520 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110522.002\NAVENG.SYS
2011/05/22 17:52:38.0171 2520 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110522.002\NAVEX15.SYS
2011/05/22 17:52:38.0390 2520 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/22 17:52:38.0562 2520 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/22 17:52:38.0734 2520 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/22 17:52:38.0937 2520 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/22 17:52:39.0093 2520 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/22 17:52:39.0296 2520 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/22 17:52:39.0484 2520 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/22 17:52:39.0671 2520 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/22 17:52:39.0968 2520 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/22 17:52:40.0125 2520 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/22 17:52:40.0265 2520 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/22 17:52:40.0500 2520 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/22 17:52:40.0734 2520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/22 17:52:40.0890 2520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/22 17:52:41.0031 2520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/22 17:52:41.0187 2520 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/22 17:52:41.0359 2520 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/22 17:52:41.0546 2520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/22 17:52:41.0750 2520 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/22 17:52:41.0906 2520 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/22 17:52:42.0187 2520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/22 17:52:42.0359 2520 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/22 17:52:43.0015 2520 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/22 17:52:43.0203 2520 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/22 17:52:43.0406 2520 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/22 17:52:43.0578 2520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/22 17:52:43.0765 2520 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/22 17:52:55.0890 2520 ================================================================================
2011/05/22 17:52:55.0890 2520 Scan finished
2011/05/22 17:52:55.0890 2520 ================================================================================

*PC2 TDSSKiller Log*

2011/05/22 17:44:07.0875 2844 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 17:44:09.0953 2844 ================================================================================
2011/05/22 17:44:09.0953 2844 SystemInfo:
2011/05/22 17:44:09.0953 2844 
2011/05/22 17:44:09.0953 2844 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/22 17:44:09.0953 2844 Product type: Workstation
2011/05/22 17:44:09.0953 2844 ComputerName: D6KLM72J
2011/05/22 17:44:09.0953 2844 UserName: Admin
2011/05/22 17:44:09.0953 2844 Windows directory: C:\WINDOWS
2011/05/22 17:44:09.0953 2844 System windows directory: C:\WINDOWS
2011/05/22 17:44:09.0953 2844 Processor architecture: Intel x86
2011/05/22 17:44:09.0953 2844 Number of processors: 1
2011/05/22 17:44:09.0968 2844 Page size: 0x1000
2011/05/22 17:44:09.0968 2844 Boot type: Normal boot
2011/05/22 17:44:09.0968 2844 ================================================================================
2011/05/22 17:44:13.0890 2844 Initialize success
2011/05/22 17:44:24.0531 2300 ================================================================================
2011/05/22 17:44:24.0531 2300 Scan started
2011/05/22 17:44:24.0531 2300 Mode: Manual; 
2011/05/22 17:44:24.0531 2300 ================================================================================
2011/05/22 17:46:07.0953 2300 ================================================================================
2011/05/22 17:46:07.0953 2300 Scan finished
2011/05/22 17:46:07.0953 2300 ================================================================================


----------



## Cookiegal (Aug 27, 2003)

OK, that's good.

Please do this for both of these PCs as final instructions for them:

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration but the actual command used the entire word uninstall and just the u).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Cookiegal (Aug 27, 2003)

Are you able to keep those two PCs off-line while we work on the other one now?


----------



## GIRLY1 (May 11, 2011)

I am happy to do this but I believe I still have problems. Just before I do this, here is the current status on both PC's:

*PC1*

Never did get Combofix loaded onto PC1 as Combofix was complaining that Norton Internet Security was still running even though I disabled all the settings as previously mentioned.

I am still getting re-directs when I click on links once I have done searches, and sometimes a window also opens on its own.

1) The window that opens on its own goes to
'http://wordslife.com/index.php
And advises
This website wants to run the following add-on: 'Microsoft(R) Dynamic HTML Editing Control' from 'Microsoft Corporation(unverified publisher)'. If you trust the website and the add-on and want to allow it click here...

I just close this window down.

How this opens on its own I do not know.

2) Open new window and search for BBC, after clicking BBC link it re-directs to

'http.vid-find ( could not get to the rest of the URL as it quickly then re-directs to )
3 more different websites in rapid succession (1-2 secs) before re-directing to

'http://www.firesixteen.com

Also I looked at the following path;
C:\WINDOWS\system32\drivers\etc\hosts

and can see two entries, when there should only be one - the local host entry (is that correct?)

127.0.0.1 localhost
173.192.170.88 drghwaweg45j4i6u3q32fg2h.com

Earlier today Norton Internet Security blocked 4 Intrusion Attempts in the space of 4 minutes.

*PC2*

I am still getting google re-direct happening. Recent example being;

1) When clicking on the Kaspersky link in your post #69, it opened another window up and got re-directed to
'http://www.results.google-analystics.com
it stayed there for about 3-5 secs, it then re-directed to
'http://www.google.com

In between this happening Norton Internet Security notification popup box appeared advising that it had blocked an intrusion attempt
Web Attack:Blackhole Toolkit Website
Risk - High
Attacking Computer : 92.38.232.92, 80
Attacker URL : ldsopwps.cz.cc/forum/php?tp=31afb9f457d87e47

2) Opened new window and typed in BBC and clicked Google Search. Clicked on the first link and this got re-directed to 
'http://www.results.google-analytics.com 
stayed there for a few seconds and then re-directed to
'http://www.youtube.com/forfahsionsake

And just before posting this post I did a refresh of this website and it opened another window up and that got re-directed to

'http://healthcare-facilities.com/result.php?Keywords=healthquote

where it got an HTTP 404
http://healthcare-facilities.com/result.php?Keywords=healthquot


----------



## Cookiegal (Aug 27, 2003)

Please run this on both to reset the hosts file:

Download *HostsXpert*.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then reboot and post a new HijackThis log for both PCs please.
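
One way to audit a hosts file for entries like the one reported above, before and after resetting it (an added example, not part of the original thread and not how HostsXpert works internally). The function names and the baseline of a single `127.0.0.1 localhost` entry are assumptions of this sketch; the sample text is constructed from the two lines quoted in the earlier post.

```python
import ipaddress

# Constructed sample: the two entries quoted in the post above, plus the
# comment and blank lines a real hosts file usually contains.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)

127.0.0.1       localhost
173.192.170.88  drghwaweg45j4i6u3q32fg2h.com
"""

# Assumption: a default hosts file on this OS maps only localhost.
BASELINE = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Return (entries, malformed); entries are (line_no, ip, hostname)."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:  # an address with no hostname
            malformed.append((line_no, raw))
            continue
        # One line may pin several names to the same address.
        for name in fields[1:]:
            entries.append((line_no, ip, name.lower()))
    return entries, malformed


def audit_hosts(text, baseline=BASELINE):
    """List every mapping outside the baseline, with the reason it matters."""
    entries, malformed = parse_hosts(text)
    findings = []
    for line_no, ip, name in entries:
        if (ip, name) in baseline:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            reason = "extra name pinned to loopback/null address (blocks the name)"
        else:
            reason = "name pinned to a remote address (overrides DNS)"
        findings.append({"line": line_no, "ip": ip, "host": name, "reason": reason})
    for line_no, raw in malformed:
        findings.append({"line": line_no, "ip": None, "host": None,
                         "reason": "unparseable line: " + raw.strip()})
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live machine the text would be read from C:\WINDOWS\system32\drivers\etc\hosts; an empty result after the reset means only the baseline entry remains.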


----------



## GIRLY1 (May 11, 2011)

All done - HijackThis logs for both PC's

*PC1*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:34, on 22/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...xAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6602 bytes

*PC2*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:29, on 22/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 6973 bytes
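
An added example, not part of the original thread and not HijackThis's own code: a small parser for the log format above that counts entries per section code and surfaces the O4 autorun entries worth a second look, such as a Run/RunOnce value that launches through `cmd.exe` or opens a URL. The sample lines are copied from the PC1 log; the flag names and heuristics are assumptions for illustration, and a flag is a prompt for review, not a verdict.

```python
import re
from collections import Counter

# Sample lines copied verbatim from the PC1 log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...xAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "<code> - <body>", e.g. R0, O2, O4, O23. Header and process lines don't match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry form: HKLM\..\Run: [ValueName] command line
RUNKEY_RE = re.compile(
    r"^(?P<location>\S+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder form: Global Startup: shortcut.lnk = target
STARTUP_RE = re.compile(
    r"^(?P<location>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First token of a command line: a quoted path, or text up to an executable
# extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

# Programs that run whatever follows on the command line (assumed list).
LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
             "rundll32.exe", "powershell.exe"}


def parse_log(text):
    """Return [(section_code, body)] for every entry line in the log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def section_counts(text):
    """Number of entries per section code (O2 = BHOs, O4 = autoruns, ...)."""
    return Counter(code for code, _ in parse_log(text))


def executable(cmd):
    """Extract the program path or name from an autorun command line."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def flags_for(cmd):
    """Heuristic review flags for one autorun command line."""
    exe = executable(cmd)
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    flags = []
    if base in LAUNCHERS:
        flags.append("shell-launcher")
    if re.search(r"https?://", cmd, re.I):
        flags.append("opens-url")
    if "\\documents and settings\\" in exe.lower():
        flags.append("user-profile-path")   # writable without admin rights
    return flags


def triage(text):
    """Return [(value_name, location, flags)] for flagged O4 entries."""
    hits = []
    for code, body in parse_log(text):
        if code != "O4":
            continue
        m = RUNKEY_RE.match(body) or STARTUP_RE.match(body)
        if not m:
            continue
        flags = flags_for(m["cmd"])
        if flags:
            hits.append((m["name"], m["location"], flags))
    return hits


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for name, location, flags in triage(SAMPLE_LOG):
        print(f"{location} [{name}]: {', '.join(flags)}")
```

On the sample, the Google Update entry is flagged only because it lives under the user profile, which shows why each flag still needs a human decision.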


----------



## Cookiegal (Aug 27, 2003)

On PC1, rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst..."&"ver=9.0.894

Are you still getting redirected on both PCs?

Do you only have Norton Safe Web Lite on PC1?


----------



## GIRLY1 (May 11, 2011)

All done on PC1

On both PCs it has Norton Internet Security 2011 - Version 18.6.0.29

Not sure what Norton Safe Web Lite is.

I will play around and see if there are any re-directs still and report back tomorrow, if that's OK? 

Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes, that's fine. Thanks.


----------



## GIRLY1 (May 11, 2011)

OK, received the following results as soon as I switched on both PCs this morning

*PC1*

1) typed in tv guide in google search 
clicked on first search and got redirected to

'http://aliveglobe.com/?65286261387e6f727878
after a second got re-directed to

'http://www.whatafind.com/p-4535-humax-freeview-hd-receiver-hd-fox-t2.aspx?source=webgains&siteid=57172

2) Typed in BBC in google search
clicked first search and got re-directed to

'http://results.google-analytics.com/

second later got re-directed to

'http://www.ebay.co.uk/?rvr_id=234426168162&clk_rvr_id=234426168162&keyword=ebay

Clicked on the back button and it got re-directed to

'http://search.digikey.com/scripts/DkSearch/dksus.dll?lang=en&site=uk&KeyWords=fiber%20optics&WT.term=fiber+optics&WT.mc_id=Connectors+2&WT.medium=cpc&WT.campaign=Connectors+2&WT.content=text&WT.srch=1&WT.source=yahoo

clicked back button again and got re-directed to

'http://results.google-analytics.com/

but the actual page showing is the Yahoo.uk home page

Straight after this got a High CPU Usage by Internet Explorer pop up box(only have 3 windows open and nothing else)

3) Typed in The Tech Guy in google search
clicked on link and got re-directed to

'http://search.google-analytics.com/

stayed there for a second and got re-directed to

'http://results.google-analytics.com/

stayed there for a second and got re-directed to

'http://www.quick-search-results.com/jump1/?affiliate=gathi&subid=155&terms=windows%20vista%20repair&sid=Z475044288%40%40QMfRDN0gDN3IzXzkjNy8VNx8lM18FN5cjM0EjNwMTM&a=tnguv&mr=1&rc=0

stayed there for a second and got re-directed to

'http://www.webinquirer.co.uk/search.php?query=Windows+Vista+Repair&b=Ly5P6lJAHtlS2RWb1piyguhKuuxEFz47x3EvbDuuO7IC9JkSJgk6%2BvpXL%2FdBmpTrAIhplKu445n4LtQ73gelFQNRE5f3A0NjJ4ZdyJouvAoVPDdQXmVMYOEbKvG6PDptVlq3oCHps%2BUIE6qO2zNdy3tYCgaNSOqW3NChu%2B9eq6M%3D

Immediately after this High memory Usage by Internet Explorer popup box appeared

*PC2*

1) Opened new window and typed in BBC and clicked Google Search. Clicked on the first link and this got re-directed to

'http://www.results.google-analytics.com

stayed there for a few seconds and then re-directed to

'http://www.quick-search-results.com/jump1/?affiliate=gathi&subid=155&terms=paintless%20dent%20removal&sid=Z369044717%40EzXzQTO4MzNx8FMwUTMfVTMfdjMx8VNycTOzEjNwMTM&a=tnguv&mr=1&rc=0

stayed there for a millisecond and then got re-directed to google home page.

Straight after this got a High CPU Usage by Internet Explorer pop up box(only have 3 windows open and nothing else)

2) Clicked refresh button whilst on the Tech Guy page that I had opened, this opened another window to the following page

'http://www.ebay.co.uk/?rvr_id=234433253180&clk_rvr_id=234433253180&keyword=ebay

Clicked the back button and it went to
'http://results.google-analytics.com/

Clicked the back button and it went to
'http://www.bloggerex.com/out88.php

Clicked the back button and it went to
'http://www.videobash.com/video_play?utm_source=blogstand&utm_medium=PT&utm_campaign=blogstand-shortvideopage

This is so frustrating, wish you could just exterminate them.


----------



## Cookiegal (Aug 27, 2003)

Alright, we will have to focus on one PC at a time. It gets a little confusing working on two. So let's start with PC1 and keep the other two off-line please.

I'll post the full instructions for DDS but if you still have the program then you won't have to download it again and can just run it:

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

For GMER, please remove the one you have on your desktop by dragging it to the Recycle Bin and grab a new one as it may have been updated since we last used it.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## GIRLY1 (May 11, 2011)

3 questions before I start

1) Where and how do I do this?
Disable any script blocker you may have as they may interfere

2) Where and how can I check to see if I have these?
Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

3) Does this include the window I am reading your instructions from?
Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Thanks


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> 3 questions before I start
> 
> 1) Where and how do I do this?
> Disable any script blocker you may have as they may interfere


We've already run these programs on both of these computers so this shouldn't be a problem. If Norton should pop up with a warning about a script just be sure not to block it as it will be DDS and not something malicious.


> 2) Where and how can I check to see if I have these?
> Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.


Don't worry about this as I don't believe you have any.


> 3) Does this include the window I am reading your instructions from?
> Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.
> 
> Thanks


Yes, all windows should be closed. It might be a good idea to print the instructions before running the program so you can refer back to them if necessary.


----------



## GIRLY1 (May 11, 2011)

OK, only PC1 is running now, all others switched off.

*PC1 DDS log*

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Administrator at 14:33:50.65 on 23/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.118 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\rw5ah8qh.default\
FF - prefs.js: browser.startup.homepage - hxxp://timeanddate.com/worldclock/city.html?n=136
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-11 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-11 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2003-7-16 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-11 130008]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-5-11 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110518.001\IDSXpx86.sys [2011-5-19 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110522.002\NAVENG.SYS [2011-5-22 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110522.002\NAVEX15.SYS [2011-5-22 1542392]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
.
=============== Created Last 30 ================
.
2011-05-22 21:30:48 -------- d-----w- C:\HostsXpert 4.3
2011-05-22 16:51:17 -------- d-----w- C:\Sur
2011-05-20 18:34:25 -------- d-----w- c:\program files\ESET
2011-05-19 23:18:33 -------- d-s---w- C:\puppy
2011-05-18 19:33:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:33:24 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-18 19:33:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-17 20:26:47 -------- d-----w- C:\TYPED ROUTER
2011-05-11 13:02:11 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-11 13:02:10 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-11 13:02:10 -------- d-----w- c:\program files\Symantec
2011-05-11 13:02:10 -------- d-----w- c:\program files\common files\Symantec Shared
2011-05-11 13:01:51 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-05-11 13:01:50 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-05-11 13:01:50 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-05-11 13:01:50 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-05-11 13:01:49 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-05-11 13:01:49 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-05-11 13:01:49 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-05-11 13:01:49 136312 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-05-11 13:00:41 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-05-11 12:59:46 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-11 12:59:31 -------- d-----w- c:\program files\Norton Internet Security
2011-05-11 06:51:57 -------- d-----w- c:\windows\system32\drivers\nst\0102000.006
2011-05-11 06:51:57 -------- d-----w- c:\windows\system32\drivers\NST
2011-05-11 06:51:57 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-05-10 22:23:53 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\NPE
2011-05-10 22:17:34 -------- d-----w- c:\docume~1\admini~1\applic~1\Tific
2011-05-10 22:17:30 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Symantec
2011-05-06 13:46:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-06 08:25:11 -------- d-----w- C:\ROUTER
2011-05-05 07:43:35 -------- d-----w- C:\c9a418aa0213152fb9a6
2011-05-01 22:38:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-25 17:02:03 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 17:01:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-24 16:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-24 16:02:23 -------- d-----w- c:\program files\NortonInstaller
2011-04-24 16:02:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
.
==================== Find3M ====================
.
.
============= FINISH: 14:35:28.35 ===============

*PC1 Attach log*

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 29/12/2009 21:06:33
System Uptime: 23/05/2011 10:05:33 (4 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 26.18 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 24/04/2011 16:57:10 - System Checkpoint
RP2: 25/04/2011 18:38:07 - System Checkpoint
RP3: 28/04/2011 15:22:34 - System Checkpoint
RP4: 29/04/2011 21:45:39 - System Checkpoint
RP5: 01/05/2011 13:04:21 - FEB2011
RP6: 01/05/2011 13:07:53 - 3FEB2011
RP7: 02/05/2011 16:47:22 - System Checkpoint
RP8: 05/05/2011 18:49:02 - System Checkpoint
RP9: 06/05/2011 08:36:12 - Avg Update
RP10: 10/05/2011 20:43:14 - Avg Update
RP11: 10/05/2011 20:47:04 - Removed AVG Free 9.0
RP12: 10/05/2011 20:49:39 - Installed AVG Free 9.0
RP13: 10/05/2011 23:34:28 - Norton_Power_Eraser_20110510233422640
RP14: 12/05/2011 11:28:38 - System Checkpoint
RP15: 13/05/2011 17:24:12 - System Checkpoint
RP16: 16/05/2011 15:46:11 - System Checkpoint
RP17: 17/05/2011 15:50:39 - System Checkpoint
RP18: 18/05/2011 18:45:47 - System Checkpoint
RP19: 18/05/2011 20:20:08 - Removed Java(TM) 6 Update 16
RP20: 18/05/2011 20:31:53 - Installed Java(TM) 6 Update 25
RP21: 19/05/2011 20:46:29 - System Checkpoint
RP22: 19/05/2011 21:08:24 - Unsigned driver install
RP23: 21/05/2011 12:28:41 - System Checkpoint
RP24: 23/05/2011 11:11:39 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Akamai NetSession Interface
Broadcom 440x 10/100 Integrated Controller
CAM UnZip 4.42
CCleaner
CutePDF Writer 2.8
ESET Online Scanner v3
GIMP 2.6.8
Google Chrome
GPL Ghostscript 8.71
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 25
Junkyard Adventures in Space
Letts Practise Maths Stage 1
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVC80_x86_v2
NETGEAR WG111v3 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Internet Security
Norton Safe Web Lite
OpenOffice.org 3.1
PC Connectivity Solution
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype web features
Skype™ 4.1
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
WebFldrs XP
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 2
.
==== Event Viewer Messages From Past Week ========
.
22/05/2011 22:37:50, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001E2AB424D5 has been denied by the DHCP server 10.46.103.217 (The DHCP Server sent a DHCPNACK message).
22/05/2011 16:40:59, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001E2AB424D5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
21/05/2011 22:41:04, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E2AB424D5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
20/05/2011 23:35:19, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
19/05/2011 23:57:38, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 12:34:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
19/05/2011 11:50:56, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
18/05/2011 17:43:47, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E2AB424D5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
17/05/2011 13:32:07, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 000D56571AAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
16/05/2011 16:41:07, error: PlugPlayManager [11] - The device Root\LEGACY_SMR162\0000 disappeared from the system without first being prepared for removal.
16/05/2011 15:00:15, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
16/05/2011 14:58:55, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================

*PC1 GMER Ark log*

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-23 16:07:57
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: v23o95yw.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtcapod.sys

---- System - GMER 1.0.15 ----
SSDT 81F8CE30 ZwAlertResumeThread
SSDT 81F8CF10 ZwAlertThread
SSDT 81D18108 ZwAllocateVirtualMemory
SSDT 81CEA188 ZwAssignProcessToJobObject
SSDT 81F2AC68 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEEF53710]
SSDT 820A2B90 ZwCreateMutant
SSDT 81F5BB70 ZwCreateSymbolicLinkObject
SSDT 8209D008 ZwCreateThread
SSDT 81F8EE48 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEEF53990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEEF53EF0]
SSDT 81F08108 ZwDuplicateObject
SSDT 81F0E3A0 ZwFreeVirtualMemory
SSDT 81C71080 ZwImpersonateAnonymousToken
SSDT 81C71160 ZwImpersonateThread
SSDT 81F2BA80 ZwLoadDriver
SSDT 81CD7008 ZwMapViewOfSection
SSDT 820A2AB0 ZwOpenEvent
SSDT 81F4BC80 ZwOpenProcess
SSDT 81D18008 ZwOpenProcessToken
SSDT 820943E8 ZwOpenSection
SSDT 81F08008 ZwOpenThread
SSDT 81CEA098 ZwProtectVirtualMemory
SSDT 81F8CFD0 ZwResumeThread
SSDT 81D15118 ZwSetContextThread
SSDT 81D15008 ZwSetInformationProcess
SSDT 81F8EF28 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEEF54140]
SSDT 820944A8 ZwSuspendProcess
SSDT 81C381D8 ZwSuspendThread
SSDT 8207C0F8 ZwTerminateProcess
SSDT 81C382B8 ZwTerminateThread
SSDT 81CD7118 ZwUnmapViewOfSection
SSDT 81F0E490 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 240  804E28AC 4 Bytes [E8, 43, 09, 82]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF800EF80]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 0265003A 
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ole32.dll!CLIPFORMAT_UserFree + 67A 77525FAC 7 Bytes JMP 0265056D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ole32.dll!WriteClassStm + FD0 7753F351 7 Bytes JMP 026504B5 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1
---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

I assume you created this folder yourself?

C:\Sur

Let's try ComboFix again. If it still flags Norton as a problem, try running it in Safe Mode with Networking as it will need to connect to the Internet.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## GIRLY1 (May 11, 2011)

O.k. PC1, tried running ComboFix in normal and Safe Mode but still get the same problem.
ComboFix is advising that it has a problem with Norton Internet Security as it is still running, even after I turned off AntiVirus, Antispyware and Smart Firewall.
I then proceeded to turn off all other settings: Intrusion Prevention, Email Protection, Identity Safe, Browser Protection, Safe Surfing and Download Intelligence.
ComboFix still came back with:
The above realtime scanner(s) are still active but the ComboFix shall continue to run. Kindly note that this is at your own risk.


----------



## Cookiegal (Aug 27, 2003)

Try exiting NIS completely then and see if ComboFix will run in normal mode.


----------



## GIRLY1 (May 11, 2011)

There is no exit button on NIS, just on/off buttons. I have tried switching off other settings but still same response from ComboFix.
Do not understand why it works on PC2 and not PC1.


----------



## Cookiegal (Aug 27, 2003)

Do you have the media to reinstall NIS if we were to uninstall it?


----------



## GIRLY1 (May 11, 2011)

Yes, I have it on CD.


----------



## Cookiegal (Aug 27, 2003)

And you still have the license key number as well that you will need to reinstall it? If so then let's uninstall it then run this Norton removal tool. Note: It will remove any other Norton/Symantec products as well so be sure you don't have any others that you need before running.

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US

Then reboot the machine and install a free anti-virus temporarily until we're finished. I suggest Avira Antivir:

http://www.avira.com/en/avira-free-antivirus

Once you have that installed then proceed with disabling it as required and run ComboFix.


----------



## GIRLY1 (May 11, 2011)

All done, uninstalled NIS and installed Avira (disabled before running ComboFix).

*PC1 ComboFix Log*

ComboFix 11-05-23.02 - Administrator 23/05/2011 23:09:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.358 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Start Menu\Programs\Windows Repair
c:\documents and settings\Administrator\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Windows Repair\Windows Repair.lnk
c:\program files\SiL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MOUSEDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 22:00 . 2011-05-23 22:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2011-05-23 21:52 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-23 21:52 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-23 21:52 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-23 21:52 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-23 21:52 . 2011-05-23 21:52 -------- d-----w- c:\program files\Avira
2011-05-23 21:52 . 2011-05-23 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-23 17:32 . 2011-05-23 17:41 -------- d-----w- C:\puppy
2011-05-22 21:30 . 2011-05-22 21:31 -------- d-----w- C:\HostsXpert 4.3
2011-05-22 16:51 . 2011-05-22 21:31 -------- d-----w- C:\Sur
2011-05-20 18:34 . 2011-05-20 18:34 -------- d-----w- c:\program files\ESET
2011-05-18 19:34 . 2011-05-18 19:34 -------- d-----w- c:\program files\Common Files\Java
2011-05-18 19:33 . 2011-05-18 19:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 19:33 . 2011-05-18 19:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:33 . 2011-05-18 19:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-18 19:32 . 2011-05-18 19:32 -------- d-----w- c:\program files\Java
2011-05-17 20:26 . 2011-05-17 20:27 -------- d-----w- C:\TYPED ROUTER
2011-05-11 12:59 . 2011-05-11 13:02 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-11 06:51 . 2011-05-11 06:51 -------- d-----w- c:\windows\system32\drivers\NST
2011-05-11 06:51 . 2011-05-11 06:51 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-05-10 22:23 . 2011-05-13 19:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2011-05-10 22:17 . 2011-05-10 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2011-05-10 22:17 . 2011-05-10 22:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2011-05-06 13:46 . 2011-05-06 13:46 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-06 08:25 . 2011-05-06 08:27 -------- d-----w- C:\ROUTER
2011-05-05 07:43 . 2011-05-05 07:43 -------- d-----w- C:\c9a418aa0213152fb9a6
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-25 17:02 . 2011-05-06 13:39 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 17:01 . 2011-05-06 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-24 16:06 . 2011-04-24 16:06 -------- d-----w- c:\program files\Windows Sidebar
2011-04-24 16:05 . 2011-05-11 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-04-24 16:02 . 2011-05-23 21:38 -------- d-----w- c:\program files\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-24 11:38 . 2009-12-29 22:28 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
.
.
------- Sigcheck -------
.
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2003-07-16 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2003-07-16 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2003-07-16 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2003-07-16 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2003-07-16 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[-] 2003-07-16 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2003-07-16 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
[-] 2004-08-04 00:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2004-08-04 00:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2003-07-16 16:22 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2003-07-16 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2003-07-16 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2003-07-16 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2003-07-16 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2003-07-16 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2003-07-16 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2003-07-16 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2003-07-16 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2003-07-16 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2003-07-16 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2003-07-16 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2003-07-16 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2003-07-16 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2003-07-16 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2003-07-16 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2003-07-16 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2003-07-16 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2003-07-16 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2003-07-16 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2003-07-16 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2003-07-16 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2003-07-16 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2003-07-16 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2003-07-16 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2003-07-16 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2003-07-16 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2003-07-16 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2003-07-16 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2003-07-16 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2003-07-16 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2003-07-16 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2003-07-16 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2003-07-16 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2003-07-16 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2003-07-16 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2003-07-16 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
[-] 2004-08-03 22:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-21 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 10:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1029:TCP"= 1029:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [16/07/2003 17:41 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/05/2011 22:52 136360]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 14:13 38144]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [11/05/2011 07:51 130000]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 16:02 287232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-16 20:52]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-16 20:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\
FF - prefs.js: browser.startup.homepage - hxxp://timeanddate.com/worldclock/city.html?n=136
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-AIAkiwgpWK - c:\documents and settings\All Users\Application Data\AIAkiwgpWK.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-GPL Ghostscript 8.71 - c:\program files\gs\uninstgs.exe
AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 23:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1708537768-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,60,3f,56,b5,e4,0b,49,b6,9b,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,60,3f,56,b5,e4,0b,49,b6,9b,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2011-05-23 23:31:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-23 22:31
.
Pre-Run: 28,039,970,816 bytes free
Post-Run: 29,134,909,440 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A53D581481D59A295BF0FD990F3CC669

*PC1 HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:38:02, on 23/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6073 bytes


----------



## Cookiegal (Aug 27, 2003)

If you navigate to this folder:

C:\Windows\System32 and open the System32 folder do you see the files there or does it look like there's nothing in the folder?

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## GIRLY1 (May 11, 2011)

OK this morning when I powered up PC1 my NETGEAR WG111v3 wireless USB adapter had been knocked out (not sure if ComboFix did this, as it was the last thing I did, as well as the HijackThis log before shutting down last night).

I have managed to get it up and running again and got wireless internet connection again.

Navigated to C:\Windows\System32 - Yes there are more folders and files in System32 folder.

Please find attached OTS log


----------



## Cookiegal (Aug 27, 2003)

I think it's the malware (or removing it) that caused that.

Are you able to see all of your user folders when you go to C:\Documents and Settings?

The reason I'm asking these questions is because this malware usually hides the user files and a lot of other system files so you think they no longer exist. We have a tool to run to unhide them if necessary.

The other log will take some time to review and I will post back with further instructions on that.


----------



## GIRLY1 (May 11, 2011)

I can see all folders under c:\Documents and Settings but how would I know for sure without a list of what folders/files should be there?

I did run an Avira scan earlier, results as below although not all of the log just the end of the log;

At the end of this log, should there be a hidden file?

starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '358' files ).

Starting the file scan:
Begin scan in 'C:\'

End of the scan: 24 May 2011 11:12
Used time: 1:33:58 Hour(s)
The scan has been done completely.
4048 Scanned directories
285354 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
285354 Files not concerned
2555 Archives were scanned
0 Warnings
1 Notes
214701 Objects were scanned with rootkit scan
1 Hidden objects were found


----------



## Cookiegal (Aug 27, 2003)

There should be a folder there that corresponds to every user name. Are you always running under Administrator? Are there other user accounts? If so, there should be a folder for each one and one called "All Users" as well.

Please tell me what Avira identified as a hidden object (the file name and the path to it).

Hidden files are common, they are not all malicious.


----------



## GIRLY1 (May 11, 2011)

Below is a list of the Users and folders within them. I am always running under Administrator.

Administrator
.fontconfig
.gimp-2.6
.thumbnails
Application Data
Desktop
Favorites
My Documents
My Recent Documents
NetHood
PrintHood
SendTo
Start Menu
Templates

All Users
Application Data
Desktop
Favorites
Shared Documents
Start Menu
Templates

Default User
Application Data
Desktop
Favorites
Shared Documents
Start Menu
Templates

Guest
Application Data
Desktop
Favorites
Guest's Documents
Local Settings
My Recent Documents
NetHood
PrintHood
SendTo
Start Menu
Templates

This is what I can find in the log in reference to the hidden object.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.


----------



## Cookiegal (Aug 27, 2003)

That registry entry is not a problem.

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > -> 
YY -> No name found -> C:\PROGRAM FILES\AVG\AVG9\FIREFOX
YN -> No name found -> C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```
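
Added illustration, not part of the original post: the toolbar CLSID targeted in the fix above is listed in the PC1 HijackThis log with `(no file)` as its target. This Python sketch parses HijackThis entry lines and lists such orphaned entries; the sample is a few lines copied from that log, and the function names are hypothetical.

```python
import re

# Sample input: lines copied from the PC1 HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE default page/search URL",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O16": "Downloaded ActiveX control",
    "O18": "Extra protocol handler",
    "O22": "SharedTaskScheduler entry",
    "O23": "Windows service",
}

# An entry line starts with a section code such as "R0" or "O23", then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Markers HijackThis prints when an entry has no backing file on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list, blank line
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "body": body,
        })
    return entries


def orphaned(entries):
    """Entries whose registry reference points at no file."""
    return [e for e in entries if e["body"].rstrip().endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["code"]} ({e["section"]}): {e["clsid"]}')
```

An orphaned entry is a leftover registry reference rather than running code, which is why removing it, as the fix script does, is cleanup and not by itself proof that an infection is gone.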


----------



## Cookiegal (Aug 27, 2003)

Go to the following link and download Dial-a-Fix to your desktop and extract the files.

http://majorgeeks.com/Dial-a-fix_d4899.html

Double click on Dial-a-Fix.exe to run the program. Under the SSL/HTTPS/Cryptography heading, put a check mark next to "Fix SSL/HTTPS/Cryptsvc:", this will automatically check the other boxes beneath it. Then click on "Go".

Once it's finished, reboot the computer and run a new scan with ComboFix and post the log please.


----------



## GIRLY1 (May 11, 2011)

*PC1*
OK OTS fix and HijackThis are done, logs pasted below.

*OTS log*

All Processes Killed
[Registry - Safe List]
File C:\PROGRAM FILES\AVG\AVG9\FIREFOX not found.
File C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 1457200 bytes
->Temporary Internet Files folder emptied: 134351973 bytes
->Java cache emptied: 10685866 bytes
->FireFox cache emptied: 34796862 bytes
->Google Chrome cache emptied: 12813387 bytes
->Flash cache emptied: 10681 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 82836720 bytes
->Flash cache emptied: 1222 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 74655 bytes
RecycleBin emptied: 119769 bytes

Total Files Cleaned = 265.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.43.0 fix logfile created on 05242011_210136
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_714.dat not found!
Registry entries deleted on Reboot...

*HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:10:54, on 24/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6008 bytes


----------



## Cookiegal (Aug 27, 2003)

Are you still getting redirected on this computer?

Are you connected to a router?


----------



## GIRLY1 (May 11, 2011)

*PC1*
OK, have run Dial a Fix and ComboFix. Log pasted below.

ComboFix 11-05-24.05 - Administrator 25/05/2011 12:12:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.214 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))
.
.
2011-05-25 10:58 . 2011-05-25 11:22 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-24 23:18 . 2011-05-24 23:18 -------- d-----w- c:\windows\system32\KB905474
2011-05-24 20:01 . 2011-05-24 20:01 -------- d-----w- C:\_OTS
2011-05-24 08:38 . 2011-05-24 13:41 -------- d-----w- c:\windows\system32\NtmsData
2011-05-23 22:00 . 2011-05-23 22:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2011-05-23 21:52 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-23 21:52 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-23 21:52 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-23 21:52 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-23 21:52 . 2011-05-23 21:52 -------- d-----w- c:\program files\Avira
2011-05-23 21:52 . 2011-05-23 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-23 17:32 . 2011-05-23 17:41 -------- d-----w- C:\puppy
2011-05-22 21:30 . 2011-05-22 21:31 -------- d-----w- C:\HostsXpert 4.3
2011-05-22 16:51 . 2011-05-22 21:31 -------- d-----w- C:\Sur
2011-05-20 18:34 . 2011-05-20 18:34 -------- d-----w- c:\program files\ESET
2011-05-18 19:34 . 2011-05-18 19:34 -------- d-----w- c:\program files\Common Files\Java
2011-05-18 19:33 . 2011-05-18 19:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 19:33 . 2011-05-18 19:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:33 . 2011-05-18 19:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-18 19:32 . 2011-05-18 19:32 -------- d-----w- c:\program files\Java
2011-05-17 20:26 . 2011-05-17 20:27 -------- d-----w- C:\TYPED ROUTER
2011-05-11 12:59 . 2011-05-11 13:02 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-11 06:51 . 2011-05-11 06:51 -------- d-----w- c:\windows\system32\drivers\NST
2011-05-11 06:51 . 2011-05-11 06:51 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-05-10 22:23 . 2011-05-13 19:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2011-05-10 22:17 . 2011-05-10 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2011-05-10 22:17 . 2011-05-10 22:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2011-05-06 13:46 . 2011-05-06 13:46 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-06 08:25 . 2011-05-06 08:27 -------- d-----w- C:\ROUTER
2011-05-05 07:43 . 2011-05-05 07:43 -------- d-----w- C:\c9a418aa0213152fb9a6
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-25 17:02 . 2011-05-06 13:39 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 17:01 . 2011-05-06 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-24 11:38 . 2009-12-29 22:28 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-21 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 10:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [16/07/2003 17:41 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/05/2011 22:52 136360]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 14:13 38144]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [11/05/2011 07:51 130000]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 16:02 287232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-16 20:52]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-16 20:52]
.
2011-05-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-05-24 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\
FF - prefs.js: browser.startup.homepage - hxxp://timeanddate.com/worldclock/city.html?n=136
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-25 12:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1708537768-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,60,3f,56,b5,e4,0b,49,b6,9b,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,60,3f,56,b5,e4,0b,49,b6,9b,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2011-05-25 12:27:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-25 11:27
ComboFix2.txt 2011-05-23 22:31
.
Pre-Run: 29,119,434,752 bytes free
Post-Run: 29,120,897,024 bytes free
.
- - End Of File - - 8377C109C01180692E4478494A301A83


----------



## GIRLY1 (May 11, 2011)

In response to your questions

Are you still getting redirected on this computer? Yes

Opened window, typed in The Tech Guy and enter
Clicked on link to The Tech Guy 
Under Security and HJT, selected Virus & Other Malware Removal - this opened a new window and redirected to 
'http://www.search.google-analytics.com 
stayed there for a milli-second and then re-directed to
'http://filter.maximumfail.com/ncp/Default.aspx?term=construction%20equipment&u=6589336
stayed there for a milli-second and then re-directed to
'http://www.pmscaffolding.com/

Are you connected to a router? Yes, Netgear DG834PN


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* - type *cmd* and type in the following. Be sure to put a space between the g and the /:

*ipconfig /flushdns*

This will flush the DNS resolver cache.

Then reboot and let me know if you still get redirected please.


----------



## GIRLY1 (May 11, 2011)

Command entered and re-booted. May I play around and advise later today or tomorrow to see if I am getting re-directs please?
Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes but before you go would you run OTS again and post the new log? Then I'll wait to hear back from you on the redirects.


----------



## GIRLY1 (May 11, 2011)

Can I just confirm, is it the same instructions provided last time to run OTS, such as check in Disabled MS Config Items and EventViewer logs?


----------



## Cookiegal (Aug 27, 2003)

Yes please.


----------



## GIRLY1 (May 11, 2011)

*PC1* - OTS log done, please find attached.

Thanks


----------



## Cookiegal (Aug 27, 2003)

Thanks. I also want you to reset the router please.

There's a default reset button on the back panel of the router.

Press and hold the Default Reset button until the Test LED turns on (about 10 seconds). Then release the button and wait for the router to reboot.

Once it reboots, would you please run OTS one more time and upload the log.


----------



## GIRLY1 (May 11, 2011)

Ok still getting redirects 

Typed in Youtube in Google and selected first search result
Clicked on any clip and a new window opened and redirected to
'http://results.googlesyndication.com/
stayed there for milli-second and then redirected to
'http://67.201.36.16/redir2?cid=12032032&fH=534&fW=995&bX=4&bY=172&sX=1024&sY=768&if=1&frm=0&aj=1
stayed there milli second and redirected to
'http://www.lscaptcha.com/?keyword=msnbc%20news&camp=Dana+UK&feed=260829-23726_19318&source=dana_uk&cpc=0.05&clickid=1270257945-41d5.10c8.4ddd2afd.22c6

Went to log out of The Tech Guy and it opened another window and redirected to
'http://www.search.google-analytics.com 

Another time a Youtube window opened on its own and started playing


----------



## Cookiegal (Aug 27, 2003)

Did you reset the router?


----------



## GIRLY1 (May 11, 2011)

No not yet. Just saw your other note. Wouldn't resetting the router get rid of my current configuration? If I do this I would not know how to set the configuration up again with the correct settings for each panel.


----------



## Cookiegal (Aug 27, 2003)

Before doing that, please do this:

Go to *Start* - *Run* - type in cmd and click OK to open a command prompt:

Type the following command (be sure to include the space between the g and the /):

*Ipconfig /all*

Hit Enter.

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.


----------



## Cookiegal (Aug 27, 2003)

Also, go to the Control Panel and double-click on Network Connections then right-click your LAN connection and choose Properties. 

On the General tab click Internet Protocol (TCP/IP) just to highlight it and then click on Properties.

In that box, select Internet Protocol and click Properties and an Internet Protocol (TCP/IP) Properties dialog box will appear with the current DNS settings.

Please take a screenshot of that and post it here.


----------



## GIRLY1 (May 11, 2011)

Please find pasted and attached details. Let me know what you want me to do next.
Thanks

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>Ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : dellrice
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Cont
roller
Physical Address. . . . . . . . . : 00-0D-56-57-1A-AF
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v3 54Mbps Wireless USB
2.0 Adapter
Physical Address. . . . . . . . . : 00-1E-2A-B4-24-D5
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 213.109.65.147
213.109.76.57
Lease Obtained. . . . . . . . . . : 25 May 2011 16:43:03
Lease Expires . . . . . . . . . . : 28 May 2011 16:43:03
C:\Documents and Settings\Administrator>


----------



## Cookiegal (Aug 27, 2003)

The malware has put their own settings in the DNS servers and that's why you're getting redirected. I saw this in the OTS scan log but conferred with a colleague to confirm my findings. So first we're going to fix it with OTS.

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
YN -> DhcpNameServer -> 213.109.65.147 213.109.76.57
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer -> 213.109.65.147 213.109.76.57   (Broadcom 440x 10/100 Integrated Controller)
YN -> {ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer -> 213.109.65.147 213.109.76.57   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter)
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```

Next, go to *Start* - *Run* - type *cmd* and on the black screen type in the following command. Be sure to put a space between the g and the /:

*ipconfig /flushdns*

Close the black screen, reboot and post a new OTS log.

I don't expect it to cause any problems but if it does, you can call your IP as I understand they give very good support and they will guide you through getting the router configuration properly set up.


----------
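
As an added example (not part of the thread and not code from OTS), the check below parses `ipconfig /all` output such as the one posted above and flags DNS resolvers that are public and not on an expected list. The `expected` allowlist, the rule that private addresses are acceptable, and the `fix_at_router` hint (resolvers handed out over DHCP by the default gateway) are assumptions of this example.

```python
"""Audit `ipconfig /all` output for DNS resolvers the network owner did not choose."""
import ipaddress
import re
from dataclasses import dataclass, field

# Excerpt of the output posted in the thread (flattened, wrapped lines kept).
SAMPLE = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : dellrice
Primary Dns Suffix . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Cont
roller
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v3 54Mbps Wireless USB
2.0 Adapter
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 213.109.65.147
213.109.76.57
Lease Obtained. . . . . . . . . . : 25 May 2011 16:43:03
"""

# "Label . . . . : value" lines; the dot leader separates label and value.
FIELD = re.compile(r"^(?P<key>[^:]+?)\s*(?:\.\s)+:\s*(?P<val>.*)$")
# "Ethernet adapter <name>:" section headers.
HEADER = re.compile(r"^(?P<name>.*\badapter\b.+):$")


@dataclass
class Adapter:
    name: str
    fields: dict = field(default_factory=dict)
    dns: list = field(default_factory=list)


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Split the output into adapters, keeping every DNS server listed."""
    adapters = [Adapter("(global)")]
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            adapters.append(Adapter(header["name"]))
            last_key = None
            continue
        m = FIELD.match(line)
        if m:
            last_key = m["key"]
            adapters[-1].fields[last_key] = m["val"]
            if last_key == "DNS Servers" and is_ip(m["val"]):
                adapters[-1].dns.append(m["val"])
        elif last_key == "DNS Servers" and is_ip(line):
            # Additional resolvers wrap onto lines of their own.
            adapters[-1].dns.append(line)
    return adapters


def audit(adapters, expected=()):
    """Return one finding per resolver that is public and not in `expected`.

    Assumption: a private address (typically the router acting as a DNS
    forwarder) is acceptable; pass the ISP's resolvers in `expected`.
    """
    allowed = {ipaddress.ip_address(x) for x in expected}
    findings = []
    for a in adapters:
        gateway = a.fields.get("Default Gateway", "")
        dhcp_server = a.fields.get("DHCP Server", "")
        via_dhcp = a.fields.get("Dhcp Enabled", "").lower() == "yes" and bool(dhcp_server)
        for ip in a.dns:
            addr = ipaddress.ip_address(ip)
            if addr.is_private or addr in allowed:
                continue
            findings.append({
                "adapter": a.name,
                "resolver": ip,
                "origin": f"dhcp:{dhcp_server}" if via_dhcp else "static",
                # Handed out by the gateway itself: host-side cleanup will be
                # overwritten at the next lease, so check the router's settings.
                "fix_at_router": via_dhcp and dhcp_server == gateway,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ipconfig(SAMPLE)):
        print(finding)
```

Run against the thread's output with an empty allowlist, both resolvers are reported with origin `dhcp:192.168.0.1`, which matches the `DhcpNameServer` values targeted by the OTS fix.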



## GIRLY1 (May 11, 2011)

That's done

*PC1 OTS Fix log*

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer updated successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer updated successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer updated successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 1434017 bytes
->Temporary Internet Files folder emptied: 76565749 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1606 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 158763 bytes

Total Files Cleaned = 75.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.43.0 fix logfile created on 05252011_204457
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF709B.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF88AE.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U45DTH39\searchTrack[1].php moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U45DTH39\showbanner[1].php moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8XKPXLU\996396-girl-distress-google-redirect-possibly-8[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8XKPXLU\allworldsite_com[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8XKPXLU\searchTrack[1].php moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0HNB0I2H\allworldsite_com[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0HNB0I2H\showbanner[2].php moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_674.dat not found!
Registry entries deleted on Reboot...

*PC1 OTS scan log*

Please find attached


----------



## Cookiegal (Aug 27, 2003)

The entries are still there. Did you perform the flushDNS command?


----------



## GIRLY1 (May 11, 2011)

Yes, flushDNS command was done, would you like me to do the process again?


----------



## Cookiegal (Aug 27, 2003)

Yes please and then reboot and post a new OTS log.


----------



## Cookiegal (Aug 27, 2003)

Also, looking at the screen shot in post no. 116, please click on the "Alternate Configuration" tab and post a screenshot of that.


----------



## GIRLY1 (May 11, 2011)

Alternate Configuration Tab attached.


----------



## Cookiegal (Aug 27, 2003)

Please post a new OTS log since you last did the flushdns.


----------



## GIRLY1 (May 11, 2011)

That's done again.
But I have had a couple of redirects again.

*PC1 OTS Fix log*

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer updated successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer updated successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer updated successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 1602901 bytes
->Temporary Internet Files folder emptied: 54464204 bytes
->Java cache emptied: 8175 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 637 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 94398 bytes

Total Files Cleaned = 54.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.43.0 fix logfile created on 05252011_224538
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7378.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF83B6.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YIK8ZMUO\allworldsite_com[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YIK8ZMUO\searchTrack[1].php moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YIK8ZMUO\showbanner[1].php moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PIE7QD9A\996396-girl-distress-google-redirect-possibly-8[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PIE7QD9A\allworldsite_com[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PIE7QD9A\searchTrack[1].php moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JZAG0VS8\showbanner[1].php moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_674.dat not found!
Registry entries deleted on Reboot...

*PC1 Flush Command*
*PC1 OTS scan log*
Please find attached


----------



## Cookiegal (Aug 27, 2003)

We need to reset the router. I would contact your ISP and have them do that with you and reconfigure it.

Or if you prefer you could switch to OpenDNS or Google Public DNS by following the instructions at the link below:

http://hijack-this.co.uk/2010/09/list-of-public-dns-services/


----------



## GIRLY1 (May 11, 2011)

OK, I will contact my ISP and reset router, if you do not hear from me for a while it is probably due to having problems getting back up again.


----------



## Cookiegal (Aug 27, 2003)

OK. Please take notes during the process so you know the procedure and the settings should we have to do it again once we bring the other PCs on-line, which I doubt but it's best to be prepared.


----------



## GIRLY1 (May 11, 2011)

OK...I'm back. Had a little trouble from my ISP.
Even though I advised in advance that when you reset the router it would set everything to factory settings and that we would manually need to populate things from scratch.

So I spoke to a different person at the ISP as the first one was convinced that after resetting the router all I would need to do would be to put in the username and password and it would automatically reconfigure all the settings for me without me having to manually populate the settings. 
How wrong they were.

Anyway, managed to get internet connection back. Have been playing around and...Oh my God! Could it be that there are no more redirections!! I have been on it for about half an hour and so far so good.

Is there a log you want me to run to see if there are any differences in the settings to the old ones? As it would be good to know and confirmation on what has changed. Let me know.
I will carry on playing around


----------



## Cookiegal (Aug 27, 2003)

That's great! Yes, please run OTS again. That's the only place those rogue settings showed up. I'll post the full instructions so you don't have to go back and look for them.


Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## GIRLY1 (May 11, 2011)

*PC1*
Please find attached OTS log


----------



## Cookiegal (Aug 27, 2003)

OK, the settings are fine now. Here are the bad ones from a previous OTS log:


```
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 213.109.65.147 213.109.76.57 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer -> 213.109.65.147 213.109.76.57   (Broadcom 440x 10/100 Integrated Controller) -> 
{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer -> 213.109.65.147 213.109.76.57   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) ->
```
And the good ones since resetting the router:


```
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer -> 192.168.0.1   (Broadcom 440x 10/100 Integrated Controller) -> 
{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer -> 192.168.0.1   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) ->
```
It's the numbers that are rogue IPs in the first one that were redirecting you elsewhere.

So before we move on to another PC, please post a new HijackThis default scan log.


----------
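The comparison made in the post above, as an added example that is not part of the original thread: a small Python parser for the OTS "Name Servers" lines that flags any resolver not on an expected list. The two excerpts are copied from the post; treating `192.168.0.1` (the router address in the post-reset log) as the only expected resolver is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# OTS excerpts quoted in the post above: before and after the router reset.
BAD_LOG = r"""< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 213.109.65.147 213.109.76.57 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer -> 213.109.65.147 213.109.76.57   (Broadcom 440x 10/100 Integrated Controller) ->
{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer -> 213.109.65.147 213.109.76.57   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) ->
"""

GOOD_LOG = r"""< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer -> 192.168.0.1   (Broadcom 440x 10/100 Integrated Controller) ->
{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer -> 192.168.0.1   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) ->
"""

# "[{adapter GUID}\\]DhcpNameServer -> <servers> [(adapter label)] ->"
ENTRY = re.compile(
    r"^(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\\\\)?"
    r"(?P<value>(?:Dhcp)?NameServer)\s*->\s*"
    r"(?P<body>.*?)\s*->\s*$"
)
# Server list, optionally followed by the adapter name in parentheses.
BODY = re.compile(r"^(?P<servers>[^()]*?)\s*(?:\((?P<label>.*)\))?$")


def parse_name_servers(log_text):
    """Return one dict per NameServer/DhcpNameServer line in an OTS log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers and unrelated lines
        body = BODY.match(m.group("body"))
        servers_text = body.group("servers") if body else m.group("body")
        label = (body.group("label") if body else None) or ""
        entries.append({
            "scope": m.group("guid") or "global",
            "adapter": label,
            "value": m.group("value"),
            # Values may be space- or comma-separated.
            "servers": [s for s in re.split(r"[,\s]+", servers_text) if s],
        })
    return entries


def audit(log_text, expected):
    """List (scope, server, reason) for every resolver not in `expected`.

    `expected` is the set of resolvers chosen deliberately for this network
    (assumption: just the router, which forwards DNS to the ISP).
    """
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for entry in parse_name_servers(log_text):
        for raw in entry["servers"]:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((entry["scope"], raw, "not an IP address"))
                continue
            if ip in expected_ips:
                continue
            reason = ("unexpected private resolver" if ip.is_private
                      else "public resolver not on the expected list")
            findings.append((entry["scope"], raw, reason))
    return findings


if __name__ == "__main__":
    for name, log in (("before reset", BAD_LOG), ("after reset", GOOD_LOG)):
        print(name)
        for scope, server, reason in audit(log, {"192.168.0.1"}):
            print(f"  {scope}: {server} ({reason})")
```

`DhcpNameServer` is filled in from the DHCP lease, so the same unexpected pair appearing on every adapter points at whatever is handing out the leases (here, the router) rather than at one PC.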



## GIRLY1 (May 11, 2011)

*PC1 - HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:51:05, on 26/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5975 bytes


----------



## Cookiegal (Aug 27, 2003)

OK that looks good. We are going to have to upgrade all of the PCs to SP3 but please wait until we've finished working on all of them.

Here are some final instructions for you for PC1.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration but the actual command used the entire word uninstall and just the u).

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

You can also uninstall Avira and reinstall Norton Internet Security.

Once you've done the above, please take this PC off-line and bring only PC2 on-line so we can work on it. Please start by posting a HijackThis log and an OTS log (the same way you did for PC1).


----------



## GIRLY1 (May 11, 2011)

Thank you...

I have done as instructed. The only thing I came across was that when uninstalling ComboFix I came up on the attached screen shot.

So I deactivated Firewall, Antivirus, etc. before clicking OK. I hope that was fine.

I will shortly take PC1 offline and connect to PC2 and post requested logs.

Thanks


----------



## Cookiegal (Aug 27, 2003)

There is no screenshot in your post.


----------



## GIRLY1 (May 11, 2011)

Sorry about that, must have forgot to click the upload button. Here you go.


----------



## Cookiegal (Aug 27, 2003)

You did the right thing by deactivating Avira but it would be fine since it's only the uninstall routine.


----------



## GIRLY1 (May 11, 2011)

*PC2 -*

The OTS.exe link that you provided in post 92 does not work anymore. Tried to go to the geekstogo website and that does not work either.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:43, on 27/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 7006 bytes


----------



## Cookiegal (Aug 27, 2003)

I've been trying to find an alternate download link but can't find one that works.

Do you have a flash drive that you could use to transfer the program over from PC1 to the desktop of PC2?


----------



## GIRLY1 (May 11, 2011)

Yes, I'll do that. Was going to suggest it.

Seems like geekstogo have a Virus of their own


----------



## Cookiegal (Aug 27, 2003)

They may just be down for maintenance.


----------



## GIRLY1 (May 11, 2011)

*PC2*
Please find attached OTS log


----------



## Cookiegal (Aug 27, 2003)

I'm going through the log but in the meantime, are you using AOL at all?


----------



## Cookiegal (Aug 27, 2003)

Also, is this a folder you created?

C:\surj


----------



## GIRLY1 (May 11, 2011)

No to AOL and yes to folder creation


----------



## Cookiegal (Aug 27, 2003)

There's nothing malicious in there, just some tidying up to do with the fix. The AOL entries are just leftover firewall rules so this fix will remove those. The DNS settings are fine so you shouldn't be getting redirected on this PC any more. Is that the case?


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\AOL 9.0\waol.exe" -> [C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```


----------



## GIRLY1 (May 11, 2011)

*PC2*

Today was the first time switching on PC2 and so far have not experienced any redirects 

I have run the fix. Please find pasted HijackThis log and attached OTS log.

The only other issue with PC2 was when I got a popup box from Adobe advising to install the latest Adobe Flash Player version, Adobe Flash Player 10.3.181.14.
All seemed fine but when trying to play a song on YouTube, it did not play at the correct speed. It was as if the song was playing in slow motion and took longer than normal to play and finish. I tried playing a news item and got the same result, slower. When switching the PC off and on, the Windows four-tone note was also slow.
Before this download everything was working fine with songs etc.

*HijackThis log*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:44, on 27/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 7063 bytes


----------



## Cookiegal (Aug 27, 2003)

It's possible something went wrong with the download so let's uninstall Adobe Flash and reinstall it.

First, uninstall it from the Control Panel - Add or Remove Programs but make sure that all other windows are closed before doing so. Then reboot the computer.

Then download it again please:

http://kb2.adobe.com/cps/141/tn_14157.html

Then let me know if it plays any better please.


----------



## GIRLY1 (May 11, 2011)

Just to clarify do I need to uninstall both 
Adobe Flash Player 10 ActiveX and
Adobe Flash Player 10 Plugin


----------



## Cookiegal (Aug 27, 2003)

Do you have a separate entry for that in Add or Remove Programs? I didn't think so.


----------



## GIRLY1 (May 11, 2011)

Yes, there is a separate entry for both in Add or Remove Programs


----------



## Cookiegal (Aug 27, 2003)

That's a plugin for other browsers. Do you use other browsers like Firefox?


----------



## Cookiegal (Aug 27, 2003)

But go ahead and uninstall it as well.


----------



## GIRLY1 (May 11, 2011)

I have uninstalled both and rebooted. The link you have provided is to uninstall flash player, unless I've missed the download link completely.


----------



## Cookiegal (Aug 27, 2003)

Sorry. Here's the link. Be sure to uncheck the Google Toolbar or any other download that may be offered along with it.

http://get.adobe.com/flashplayer/


----------



## GIRLY1 (May 11, 2011)

And I thought you were testing me to see if I was still awake and paying attention.

I have reinstalled it and if anything it is worse.


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> And I thought you were testing me to see if I was still awake and paying attention.


Well yeah, that's what I was doing.



> I have reinstalled it and if anything it is worse.




I would like you to drag ComboFix to the recycle bin and grab the latest version of it, run a new scan and post the new log. Be sure to disable your security programs as you did before.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## GIRLY1 (May 11, 2011)

*PC2 - ComboFix log*

ComboFix 11-05-27.01 - Admin 27/05/2011 22:11:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.225 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\puppy.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 20:24 . 2011-05-27 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-05-27 20:24 . 2011-05-27 20:24 -------- d-----w- c:\program files\NOS
2011-05-27 17:23 . 2011-05-27 17:23 -------- d-----w- C:\_OTS
2011-05-22 21:36 . 2011-05-22 21:38 -------- d-----w- C:\HostsXpert 4.3
2011-05-21 10:57 . 2011-05-27 20:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 09:25 . 2011-05-21 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-21 09:20 . 2011-05-21 09:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-21 09:18 . 2011-05-21 09:20 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2011-05-21 09:12 . 2011-05-21 09:20 -------- d-----w- c:\program files\Google
2011-05-20 18:25 . 2011-05-20 18:25 -------- d-----w- c:\program files\ESET
2011-05-18 19:49 . 2011-05-18 19:49 -------- d-----w- c:\program files\Common Files\Java
2011-05-18 19:49 . 2011-05-18 19:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 19:49 . 2011-05-18 19:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-13 11:07 . 2011-05-13 11:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2011-05-13 11:07 . 2011-05-13 11:07 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-10 15:05 . 2004-08-03 22:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-05-08 14:42 . 2011-05-08 14:42 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
2011-05-08 14:20 . 2011-05-22 16:43 -------- d-----w- C:\surj
2011-05-06 21:09 . 2011-05-06 21:09 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-05-06 21:09 . 2011-05-06 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-06 21:09 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 21:09 . 2011-05-06 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-06 21:09 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 21:06 . 2011-05-06 21:06 -------- d-----w- c:\windows\Sun
2011-05-06 21:04 . 2011-05-06 21:04 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-05-06 20:13 . 2011-05-06 20:13 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2011-05-06 20:06 . 2011-05-06 20:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-06 20:04 . 2011-05-06 20:04 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2011-05-06 20:00 . 2011-05-06 20:01 -------- dc-h--w- c:\windows\ie8
2011-05-06 19:56 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-06 19:56 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-06 19:56 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-05-06 19:56 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-05-06 19:56 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-05-06 19:56 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-06 19:56 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-05-06 10:15 . 2011-05-06 10:15 -------- d-----w- c:\windows\ServicePackFiles
2011-05-06 09:59 . 2011-05-06 15:00 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-05-06 09:55 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-06 09:53 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys
2011-05-06 09:52 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-05-06 09:52 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-05-06 09:52 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-05-06 09:52 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-05-06 09:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-05-06 09:51 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-05-06 09:51 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-05-06 09:51 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-05-06 09:51 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-05-06 09:49 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-06 09:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-05-06 09:45 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-05-06 09:44 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-05-06 09:43 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-05-06 01:47 . 2009-01-07 17:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-05-05 22:20 . 2011-05-05 22:20 -------- d-sh--w- c:\documents and settings\Admin\UserData
2011-05-05 20:35 . 2011-05-09 22:52 -------- d-----w- c:\program files\Symantec
2011-05-05 20:35 . 2011-05-09 22:52 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-05 20:35 . 2011-05-09 22:52 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-05 20:35 . 2011-05-05 20:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-05 20:34 . 2011-05-10 08:58 -------- d-----w- c:\windows\system32\drivers\NIS
2011-05-05 20:34 . 2011-05-05 20:34 -------- d-----w- c:\program files\Norton Internet Security
2011-05-05 20:34 . 2011-05-05 20:34 -------- d-----w- c:\program files\Windows Sidebar
2011-05-05 20:34 . 2011-05-05 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-05-05 20:22 . 2011-05-05 20:22 -------- d-----w- c:\program files\NortonInstaller
2011-05-05 19:51 . 2005-11-03 19:39 245504 ----a-w- c:\windows\system32\drivers\Dr71WU.sys
2011-05-05 19:51 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-05-05 19:51 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-05-05 19:51 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-05-05 19:51 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-05-05 19:51 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-05-05 19:51 . 2011-05-05 19:51 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-05-05 19:51 . 2011-05-05 19:51 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-05-02 17:59 . 2011-05-02 17:59 -------- d-----w- c:\documents and settings\Admin\Application Data\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [email protected]_22.35.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-27 19:55 . 2011-05-27 19:55 16384 c:\windows\Temp\Perflib_Perfdata_7c.dat
+ 2011-05-27 19:54 . 2011-05-27 19:54 16384 c:\windows\Temp\Perflib_Perfdata_788.dat
+ 2011-05-21 09:20 . 2011-05-21 09:20 22528 c:\windows\Installer\23078e.msi
+ 2011-05-21 09:13 . 2011-05-21 09:13 24064 c:\windows\Installer\23078a.msi
+ 2011-05-27 20:26 . 2011-05-27 20:26 240288 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-27 20:26 . 2011-05-27 20:26 321184 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-27 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-27 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall Adobe Download Manager"="c:\program files\NOS\bin\getPlusUninst_Adobe.exe" [2011-03-29 40344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [09/05/2011 23:52 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [09/05/2011 23:52 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [18/05/2011 23:17 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [09/05/2011 23:52 136312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/05/2011 10:59 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110526.002\IDSXpx86.sys [27/05/2011 15:14 341944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NOSGETPLUSHELPER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-21 09:20]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-21 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 22:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-05-27 22:31:43
ComboFix-quarantined-files.txt 2011-05-27 21:31
ComboFix2.txt 2011-05-19 22:38
.
Pre-Run: 68,571,054,080 bytes free
Post-Run: 68,443,291,648 bytes free
.
- - End Of File - - 4F331C409450F247945FCE9D024870FC


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Cookiegal (Aug 27, 2003)

I would also like you to run TDSSKiller again on this computer and post the log.

http://support.kaspersky.com/viruses/solutions?qid=208280684


----------



## GIRLY1 (May 11, 2011)

No errors in Application, only in System, as pasted below:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 27/05/2011
Time: 19:48:40
User: N/A
Computer: D6KLM72J
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 27/05/2011
Time: 19:48:40
User: N/A
Computer: D6KLM72J
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 27/05/2011
Time: 18:23:12
User: N/A
Computer: D6KLM72J
Description:
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

You may have missed my previous post asking you to run TDSSKiller again on this PC.

I would also like you to run both of these again:

Please download *MBRCheck.exe* to your desktop.

Be sure to disable your security programs prior to running the tool. 
Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
_(Vista and Windows 7 users will have to confirm the UAC prompt)_
A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press *N* then press *Enter*.
Press *Enter* again to exit the program.
If nothing unusual is found, you will be shown the machine MBR status. Just press *Enter* to exit.
A text file named *MBRCheck_mm.dd.yy_hh.mm.ss* should appear on your desktop. Please post the contents of that file.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*

You will also notice another file created on the desktop named *MBR.dat*. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.


----------



## GIRLY1 (May 11, 2011)

*PC2 TDSSKiller log*

2011/05/27 23:13:40.0250 2576 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 23:13:42.0281 2576 ================================================================================
2011/05/27 23:13:42.0281 2576 SystemInfo:
2011/05/27 23:13:42.0281 2576 
2011/05/27 23:13:42.0281 2576 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/27 23:13:42.0281 2576 Product type: Workstation
2011/05/27 23:13:42.0328 2576 ComputerName: D6KLM72J
2011/05/27 23:13:42.0406 2576 UserName: Admin
2011/05/27 23:13:42.0406 2576 Windows directory: C:\WINDOWS
2011/05/27 23:13:42.0406 2576 System windows directory: C:\WINDOWS
2011/05/27 23:13:42.0406 2576 Processor architecture: Intel x86
2011/05/27 23:13:42.0406 2576 Number of processors: 1
2011/05/27 23:13:42.0406 2576 Page size: 0x1000
2011/05/27 23:13:42.0406 2576 Boot type: Normal boot
2011/05/27 23:13:42.0406 2576 ================================================================================
2011/05/27 23:13:57.0531 2576 Initialize success
2011/05/27 23:14:03.0843 2172 ================================================================================
2011/05/27 23:14:03.0843 2172 Scan started
2011/05/27 23:14:03.0843 2172 Mode: Manual; 
2011/05/27 23:14:03.0843 2172 ================================================================================
2011/05/27 23:15:36.0875 2172 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/27 23:15:37.0359 2172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/27 23:15:38.0093 2172 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/27 23:15:39.0171 2172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/27 23:15:39.0734 2172 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/27 23:15:41.0546 2172 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/27 23:15:42.0203 2172 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/27 23:15:42.0968 2172 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/27 23:15:43.0515 2172 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/27 23:15:44.0140 2172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/27 23:15:44.0671 2172 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/27 23:15:45.0171 2172 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/27 23:15:45.0687 2172 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/27 23:15:46.0156 2172 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/27 23:15:46.0687 2172 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/27 23:15:47.0234 2172 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/27 23:15:47.0875 2172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/27 23:15:48.0312 2172 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/27 23:15:48.0875 2172 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/27 23:15:49.0671 2172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/27 23:15:50.0218 2172 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/27 23:15:50.0796 2172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/27 23:15:51.0375 2172 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/27 23:15:52.0000 2172 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/27 23:15:52.0640 2172 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/27 23:15:53.0203 2172 RT73 (cb20f16afdba63707fb971e0922edec1) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
2011/05/27 23:15:53.0671 2172 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/27 23:15:54.0593 2172 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/05/27 23:15:55.0046 2172 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/27 23:15:55.0546 2172 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/27 23:15:56.0000 2172 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/27 23:15:56.0812 2172 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/27 23:15:57.0546 2172 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/27 23:15:58.0062 2172 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/27 23:15:58.0515 2172 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/27 23:15:59.0000 2172 sr  (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/27 23:15:59.0859 2172 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
2011/05/27 23:16:00.0828 2172 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
2011/05/27 23:16:01.0468 2172 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/27 23:16:02.0078 2172 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/27 23:16:02.0625 2172 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/27 23:16:03.0156 2172 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/27 23:16:03.0609 2172 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/27 23:16:04.0250 2172 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
2011/05/27 23:16:05.0234 2172 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
2011/05/27 23:16:06.0140 2172 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/27 23:16:06.0781 2172 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
2011/05/27 23:16:07.0546 2172 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS
2011/05/27 23:16:08.0156 2172 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/27 23:16:08.0687 2172 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/27 23:16:09.0296 2172 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/27 23:16:09.0937 2172 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/27 23:16:10.0812 2172 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/27 23:16:11.0234 2172 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/27 23:16:11.0875 2172 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/27 23:16:12.0531 2172 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/27 23:16:13.0312 2172 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/27 23:16:13.0812 2172 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/27 23:16:14.0375 2172 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/27 23:16:14.0953 2172 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/27 23:16:15.0312 2172 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/27 23:16:15.0859 2172 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/27 23:16:17.0015 2172 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/27 23:16:51.0750 2172 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/27 23:17:08.0828 2172 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/27 23:17:09.0609 2172 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/27 23:17:10.0234 2172 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/27 23:17:10.0906 2172 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/27 23:17:12.0640 2172 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/27 23:17:12.0796 2172 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
2011/05/27 23:17:12.0859 2172 ================================================================================
2011/05/27 23:17:12.0859 2172 Scan finished
2011/05/27 23:17:12.0859 2172 ================================================================================
2011/05/27 23:17:12.0875 3220 Detected object count: 0
2011/05/27 23:17:12.0875 3220 Actual detected object count: 0


----------



## GIRLY1 (May 11, 2011)

*PC2 MBR DAT* zipped file attached

*PC2 MBRCheck*

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line: 
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 138):
Processes (total 41):
0 System Idle Process
4 System
724 C:\WINDOWS\system32\smss.exe
796 csrss.exe
820 C:\WINDOWS\system32\winlogon.exe
864 C:\WINDOWS\system32\services.exe
876 C:\WINDOWS\system32\lsass.exe
1040 C:\WINDOWS\system32\svchost.exe
1100 svchost.exe
1140 C:\WINDOWS\system32\svchost.exe
1232 svchost.exe
1360 svchost.exe
1468 C:\WINDOWS\explorer.exe
1720 C:\WINDOWS\system32\spoolsv.exe
1796 svchost.exe
1912 C:\Program Files\Java\jre6\bin\jqs.exe
184 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
460 wdfmgr.exe
2000 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2024 C:\WINDOWS\system32\hkcmd.exe
292 C:\WINDOWS\system32\igfxpers.exe
328 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
600 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
664 C:\Program Files\Real\RealPlayer\realplay.exe
784 C:\Program Files\QuickTime\qttask.exe
512 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2124 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
2224 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
2248 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2272 C:\Program Files\Dell Support\DSAgnt.exe
3800 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
2848 C:\WINDOWS\system32\svchost.exe
3500 alg.exe
2384 C:\WINDOWS\system32\svchost.exe
2456 C:\WINDOWS\system32\ctfmon.exe
2196 C:\WINDOWS\system32\wuauclt.exe
2892 C:\Program Files\Internet Explorer\iexplore.exe
3496 C:\Program Files\Internet Explorer\iexplore.exe
2736 C:\WINDOWS\system32\wscntfy.exe
208 C:\Documents and Settings\Admin\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
PhysicalDrive0 Model Number: WDCWD800BB-75JHC0, Rev: 06.01C06
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Done!

*PC2 aswMBR log*

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-27 23:29:59
-----------------------------
23:29:59.546 OS Version: Windows 5.1.2600 Service Pack 2
23:29:59.546 Number of processors: 1 586 0x401
23:29:59.546 ComputerName: D6KLM72J UserName: Admin
23:30:01.203 Initialize success
23:30:12.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:30:12.890 Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
23:30:12.921 Disk 0 MBR read successfully
23:30:12.921 Disk 0 MBR scan
23:30:12.921 Disk 0 unknown MBR code
23:30:12.921 Disk 0 scanning sectors +156232125
23:30:13.000 Disk 0 scanning C:\WINDOWS\system32\drivers
23:30:26.328 Service scanning
23:30:28.812 Disk 0 trace - called modules:
23:30:28.828 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
23:30:28.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823dcab8]
23:30:28.828 3 CLASSPNP.SYS[f857905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823ddb00]
23:30:28.828 Scan finished successfully
23:30:59.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
23:30:59.937 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Did you update the Adobe Flash on PC1 to the same version as this one? If so, did it cause any problems on that machine?


----------



## GIRLY1 (May 11, 2011)

No, everything is working fine on PC1. So haven't changed a thing. It has 
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin


----------



## Cookiegal (Aug 27, 2003)

Yes but had you updated Flash to version 10.3.181.14 on PC1 as well?

Also, what browser do you generally use?


----------



## GIRLY1 (May 11, 2011)

No, have not updated to ver 10.3.181.14 on *PC1*

*PC1*
Adobe Flash Player 10 ActiveX - 10.0.42.34
Adobe Flash Player 10 Plugin - 10.1.53.64

For *PC1 & PC2* use IE8 - ver 8.0.6001.1.8702


----------



## Cookiegal (Aug 27, 2003)

OK when using IE8 you don't need the plugin as that's for other browsers like Firefox, Chrome, etc.

That version of Flash on PC1 is extremely old and vulnerable.

The only problem remaining on PC2 is the flash issue (correct me if I'm wrong).

In order to troubleshoot the flash problem, we have a couple of options to try:

First of all, this newer version of Flash has a higher bit rate and it's possible your Internet connection doesn't support it. If that's the case, you would have to contact your Internet Provider to see if there are problems with your speed and maybe they could increase it a bit.

I assume you have high speed internet service?

But in order to test that, we need to see if the problem would exist on another one of the PCs so we could install the latest version on PC1 and see if it suffers the same issue playing videos. If it does then it's likely the internet connection speed rate.

Another option for testing purposes is to uninstall the latest version on PC2 and reinstall a slightly older one to see if that solves the problem. But that's only a temporary solution as it's very important to be running the latest version of Flash for security reasons. And if it does, we would still have to update PC1 to see if it has the same problem with the latest version.

So please let me know which you'd like to try first.


----------



## GIRLY1 (May 11, 2011)

Yes have broadband and speed is 54.0 Mbps. 

Can we uninstall the latest version on PC2 and reinstall a slightly older one to see if that solves the problem first, please?

*PC2*

The only other thing with PC2 is that it seems slower and gets High Memory/CPU usage pop-ups now and again. This happens even when I only have one window open and nothing else. Not sure what is running in the background and what should be running and what does not need to be running. There is not much on PC2 and I thought it would run a lot faster than it currently is.

Thanks


----------



## Cookiegal (Aug 27, 2003)

This time we will uninstall Flash using the uninstaller tool which is more thorough as the regular method may not allow us to install an older version as it recognizes the security risk related to it.

Be sure all windows are closed when doing both of the following operations.

Please follow the instructions in the following link to download the tool and run it to uninstall Flash. Then reboot the machine.

http://kb2.adobe.com/cps/141/tn_14157.html

Next, click on the following link to download the installer for the older version. It's a zipped file so please save it to your desktop and then unzip it (extract the files) and double-click the installer to run it.

http://fpdownload.macromedia.com/get/flashplayer/installers/archive/fp_10.2.159.1_archive.zip

Let me know how the videos play after doing the above please.

Also, please post a new HijackThis log.


----------



## GIRLY1 (May 11, 2011)

All done. It has made no difference (playing in slow motion and broken sound - speeds up a little and then same thing again). Please find below PC2 HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:08, on 28/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 6941 bytes


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## GIRLY1 (May 11, 2011)

*PC2*

725plc32
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AirPlus G
ANIO Service
ANIWZCS2 Service
ARTEuro
CinepPlayer 30 Update
Corel Paint Shop Pro X
Corel Photo Album 6
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
ESET Online Scanner v3
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java(TM) 6 Update 25
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Works 7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic Activation Module
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Windows Internet Explorer 8
Windows Media Format Runtime


----------



## Cookiegal (Aug 27, 2003)

I see you let the Google Toolbar install when I said to uncheck that. No big deal but you can uninstall it from the Control Panel - Add or Remove programs. While you're at it, also uninstall this:

Viewpoint Media Player

Now, we need to bring PC1 back on-line and update the Flash to the latest version (first run the uninstaller and then reboot the machine before running the installer). It's the only way we'll know if the problem is universal or just on PC2.


----------



## GIRLY1 (May 11, 2011)

Now that is weird, I definitely did uncheck Google Toolbar. Anyway I have uninstalled it and Viewpoint Media Player.

Will write back from PC1.


----------



## Cookiegal (Aug 27, 2003)

Ok.


----------



## GIRLY1 (May 11, 2011)

Ok...loaded latest Flash Player on *PC1* played a song on Youtube and everything is fine. :up: The only thing is that it is taking longer than normal to download the song and when playing it, it hangs up and stops playing, until it downloads more of the song and starts playing again. Waited for it to download fully and played it back and it played correctly without any issues.
Normally, would download a lot quicker without any issues. Checked speed and signal strength and both fine.
I think we can eliminate the idea that it is a universal problem and looks like that it is related only to *PC2*.

But same as with PC2, PC1 is running slower than I would expect it to, received High Memory/CPU usage pop up boxes when carrying out the instructions.


----------



## Cookiegal (Aug 27, 2003)

There isn't a lot of memory with only 512 of RAM so that could be increased and would surely help.

I don't believe any infection remains but let's do an on-line scan on PC2:

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## GIRLY1 (May 11, 2011)

*PC2* Eset scan log

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=54f1ac06a4e3de44a082c4b490f5f2a3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-20 06:49:05
# local_time=2011-05-20 07:49:05 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777174 85 82 898316 9809045 0 0
# compatibility_mode=8192 67108863 100 0 305 305 0 0
# scanned=37532
# found=2
# cleaned=2
# scan_time=1114
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP36\A0003682.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=54f1ac06a4e3de44a082c4b490f5f2a3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-29 01:29:17
# local_time=2011-05-29 02:29:17 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777174 85 82 1655220 10565949 0 0
# compatibility_mode=8192 67108863 100 0 757209 757209 0 0
# scanned=42410
# found=0
# cleaned=0
# scan_time=2626


----------



## Cookiegal (Aug 27, 2003)

Do you connect to the Internet wirelessly all the time?


----------



## Cookiegal (Aug 27, 2003)

I would also like you to check when was the last time the time was synchronized.

Go to Control Panel and click on Date and Time. Click on the Internet Time tab and tell me what it says beside server: please and below that when the last successful synchronization was.


----------



## Cookiegal (Aug 27, 2003)

We can also increase the size of the paging file which may help with the memory messages.

Go to the Control Panel and if in Category view, click on Performance and Maintenance and then click System (if in Classic view just click System).

On the Advanced tab, under Performance, click Settings. 

On the Advanced tab, under Virtual memory, click Change and select the radio dial beside "System managed size" and click OK. 

This will increase it slightly. 

After doing that, let me know if there's any difference.


----------



## GIRLY1 (May 11, 2011)

Yes most of the time it is wirelessly. 

Regarding synchronisation
Server : time-a.nist.gov

There is also a note just underneath this which reads;

An error occurred while Windows was synchronising with time.windows.com

It does not provide the last successful synchronisation.


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> Yes most of the time it is wirelessly.
> 
> Regarding synchronisation
> Server : time-a.nist.gov
> ...


Beside the server to the right please click on "Update Now" and let me know if you get a message that says it was successful.


----------



## GIRLY1 (May 11, 2011)

Successfully synchronised


----------



## Cookiegal (Aug 27, 2003)

Have you made the adjustment to the paging file?


----------



## GIRLY1 (May 11, 2011)

Yes... I have made adjustment to paging file.

Something is wrong with synchronisation as I went back into it and it advised what I had originally seen and after it had been successfully synchronised by clicking Update Now;

An error occurred while Windows was synchronising with time.windows.com.


----------



## Cookiegal (Aug 27, 2003)

Click beside the server and choose one of the other servers and click Update Now again and wait until you get a message that it was successful.


----------



## GIRLY1 (May 11, 2011)

OK, done now...would not synchronise with 

time.windows.com
or
time.nist.gov

but did so with 
time-a.nist.gov
(original one that was already populated and successfully updated)

Will keep an eye on it to see if it changes again


----------



## Cookiegal (Aug 27, 2003)

OK, please do and let me know if it fails again. It's important that the time be synchronized for some applications to function properly.

Have you noticed any difference in the performance since doing these last operations?


----------



## GIRLY1 (May 11, 2011)

Ok, have periodically checked synchronised time and it has not changed.

Performance wise, slight improvement.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## GIRLY1 (May 11, 2011)

*PC2 - HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:13:34, on 30/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 6456 bytes


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run * type in *cmd *then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Stop gupdate*

Then press Enter

Type:

*SC Delete gupdate*

Then press Enter

Type:

*Exit*

Then press Enter.

Go to *Start *- *Run *- type in *msconfig *and click OK then click on the Startup tab and uncheck the following so they don't run on startup.

SoundMAXPnP
IgfxTray
igfxpers
ISUSPM Startup
ISUSScheduler
QuickTime Task
DLA
Corel Photo Downloader
jusched

Then click "Apply" and "OK".

Then reboot the computer and let me know if there's any improvement.


----------



## GIRLY1 (May 11, 2011)

*PC2*
Just want to clarify what I will be unchecking as some of the names are slightly different.

Your list 
SoundMAXPnP 
IgfxTray 
igfxpers 
ISUSPM Startup 
ISUSScheduler 
QuickTime Task 
DLA 
Corel Photo Downloader 
jusched

Startup tab list
smax4pnp
igfxtray
igfxpers
isuspm
issch
qttask
DLACTRLW
MediaDetect
jusched

Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes, that's correct. I didn't have all of the same ones on mind so I wasn't sure of the exact names.


----------



## GIRLY1 (May 11, 2011)

When clicking apply I am getting the following message;

An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.

It has advised to reboot as I had made changes.


----------



## Cookiegal (Aug 27, 2003)

If you go back into msconfig are the ones you unchecked still unchecked?


----------



## GIRLY1 (May 11, 2011)

Ok rebooted and checked to see if the apply has taken effect, which it has. Will keep an eye on to see if it has made a difference.
All the ones that were unchecked are still unchecked.

Thanks


----------



## GIRLY1 (May 11, 2011)

I did get the following message up after reboot

You have used the System Configuration Utility to make changes to the way Windows starts.

The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the Utility to run every time Windows starts.

Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

'Checkbox' Don't show this message or launch the System Configuration Utility when Windows starts.


----------



## Cookiegal (Aug 27, 2003)

Yes, put a check mark in the box so you don't get that message every time.

Please post a new HijackThis log.


----------



## GIRLY1 (May 11, 2011)

*PC2 HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:10, on 30/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 5193 bytes
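Added example, not part of any post in this thread: a short Python check that compares the two PC2 HijackThis logs above (01:13 and 19:57 on 30/05/2011) to confirm that the startup items and the gupdate service named in the instructions are gone. The function names and the `REQUESTED_*` lists are assumptions made for this illustration; the log lines are excerpts copied from the two logs, and items are matched by Run value name or by executable name because msconfig shows the latter.

```python
import re

# Excerpts (HKLM Run values and some services) from the two PC2 logs above.
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Items named in the instructions (hypothetical variable names for this example).
REQUESTED_RUN = ["SoundMAXPnP", "IgfxTray", "igfxpers", "ISUSPM Startup", "ISUSScheduler",
                 "QuickTime Task", "DLA", "Corel Photo Downloader", "jusched"]
REQUESTED_SERVICES = ["gupdate"]

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O23 - Service: <display name> (<service name>) - <vendor> - <path>"
SVC_RE = re.compile(r"^O23 - Service: .+ \((?P<svc>[^()]+)\) - .+? - (?P<path>[A-Za-z]:\\.+)$")
# File name (without .exe) of the first executable in a command line.
EXE_RE = re.compile(r'([^\\"]+)\.exe', re.I)


def parse_log(text):
    """Return ({(hive, value_name): exe_stem}, {service_name: path}) for O4/O23 lines."""
    run, services = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.search(m["cmd"])
            run[(m["hive"], m["name"])] = exe.group(1).lower() if exe else ""
            continue
        m = SVC_RE.match(line)
        if m:
            services[m["svc"]] = m["path"]
    return run, services


def still_present(requested, run):
    """Requested items that match a Run value name or its executable name."""
    found = []
    for item in requested:
        key = item.lower()
        if any(key == name.lower() or key == exe for (_, name), exe in run.items()):
            found.append(item)
    return found


def review(before, after, req_run, req_svc):
    """Compare two logs and report what changed against the requested changes."""
    b_run, b_svc = parse_log(before)
    a_run, a_svc = parse_log(after)
    matched_before = still_present(req_run, b_run)
    return {
        "not_found_in_before": [r for r in req_run if r not in matched_before],
        "run_still_present": still_present(req_run, a_run),
        "run_removed": sorted(n for (_, n) in set(b_run) - set(a_run)),
        "run_added": sorted(n for (_, n) in set(a_run) - set(b_run)),
        "services_still_present": [s for s in req_svc if s in a_svc],
        "services_removed": sorted(set(b_svc) - set(a_svc)),
    }


if __name__ == "__main__":
    for field, value in review(BEFORE, AFTER, REQUESTED_RUN, REQUESTED_SERVICES).items():
        print(f"{field}: {value}")
```

The only new Run value in the later log is `MSConfig`, which is the System Configuration Utility registering itself after Selective Startup was enabled.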


----------



## Cookiegal (Aug 27, 2003)

Are there any programs that you have installed that you don't need or use any longer? If so then I recommend that you uninstall them through the Control Panel - Add or Remove programs.

How are things with this PC now? Are videos playing any better?


----------



## GIRLY1 (May 11, 2011)

*PC2*

I'll go through them and uninstall them as recommended. PC is a little better than before.

As with videos and sound, that is still the same(ever since loading the current version of Flash Player). Sometimes grinds to a halt before speeding up again. Maybe we can put that on the back burner for now and come back to it later on. And move onto PC3?

Please let me know your thoughts.
Thanks


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC2*
> 
> I'll go through them and uninstall them as recommended. PC is a little better than before.
> 
> ...


Yes, I was going to suggest that as well so let's move on to PC3.


----------



## Cookiegal (Aug 27, 2003)

Please go * here* to download *HijackThis*.

To the right of the green arrow under *HijackThis downloads* click on the *Executable *button and download the *HijackThis.exe* file to your desktop.
Double-click the * HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## GIRLY1 (May 11, 2011)

*PC3*

Before I do this. A little background. PC3 was the most and heaviest used. I believe there may be at least one TIDServ virus on PC3 and possibly more but am not sure and could be wrong. It has stayed disconnected from the internet since I started getting these issues.

May I first action as per your post No:90, as there is an old version of NIS on there which I believe could well be well out of date.
After all corrections have been done I can load the latest version of NIS the same as PC1&2 onto PC3 and uninstall Avira.

Thanks


----------



## Cookiegal (Aug 27, 2003)

I'm not quite sure what you're asking. Are you asking if you should uninstall Norton and install Avira until after we finish working on this computer and then reinstall Norton? If Norton is out of date, it might be good to install Avira. Do you have a three PC license for Norton?


----------



## GIRLY1 (May 11, 2011)

That's correct. 
Uninstall the NIS version on PC3 that is out of date.
Install Avira
Finish working on PC3 
Install latest version of NIS(and yes it is a 3 PC licence)


----------



## Cookiegal (Aug 27, 2003)

Yes, that would be fine.


----------



## GIRLY1 (May 11, 2011)

*PC3 - HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:04, on 31/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GAGEZ8R8ZB] C:\WINDOWS\Hgunob.exe
O4 - HKCU\..\Run: [k70ccreloc.exe] C:\Documents and Settings\Administrator\Application Data\14B685D62DFA3D34EF1C41FA33576BBD\k70ccreloc.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5751 bytes
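
The `O4` autorun lines of a HijackThis log such as the one above can be triaged by where each startup target lives on disk. The following is an added example, not part of the original post and not HijackThis's own code: the three review rules and their labels are assumptions chosen for illustration, a flag means "look at this entry", not "this is malware", and the sample lines are copied from the log above.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_REG = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Target is either a quoted path or an unquoted path ending in an executable
# extension (unquoted paths may contain spaces, e.g. "Program Files").
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
HEX_DIR = re.compile(r"^[0-9a-f]{16,}$")


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    target: str


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one registry-based O4 line; return None for anything else."""
    m = O4_REG.match(line.strip())
    if not m:
        return None  # e.g. "O4 - Global Startup: ..." shortcuts are not handled
    cmd = m.group("cmd")
    t = TARGET.match(cmd)
    target = (t.group(1) or t.group(2)) if t else cmd
    return Autorun(m.group("hive"), m.group("key"), m.group("name"), target)


def review_reasons(target: str) -> List[str]:
    """Return illustrative (assumed) reasons why a target deserves a manual look."""
    _drive, tail = ntpath.splitdrive(ntpath.normcase(target))
    parts = [p for p in ntpath.dirname(tail).split("\\") if p]
    reasons = []
    if parts == ["windows"]:
        reasons.append("windows-root")    # sits directly in the Windows directory
    if parts[:1] in (["documents and settings"], ["users"]):
        reasons.append("user-profile")    # starts from a user-writable profile
    if any(HEX_DIR.match(p) for p in parts):
        reasons.append("hex-named-dir")   # long hexadecimal directory name
    return reasons


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Return (entry, reasons) for every O4 registry entry that trips a rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = review_reasons(entry.target)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Sample input: lines copied from the PC3 HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAGEZ8R8ZB] C:\WINDOWS\Hgunob.exe
O4 - HKCU\..\Run: [k70ccreloc.exe] C:\Documents and Settings\Administrator\Application Data\14B685D62DFA3D34EF1C41FA33576BBD\k70ccreloc.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.target} -> {', '.join(reasons)}")
```

Flagged entries are candidates for a closer look by the helper (file properties, scanner verdicts), not a removal list.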


----------



## GIRLY1 (May 11, 2011)

*PC3 - DDS by sUBs*

*PC3 - DDS log*

.
DDS (Ver_11-05-19.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Administrator at 11:52:33 on 2011-05-31
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2046.1486 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [GAGEZ8R8ZB] c:\windows\Hgunob.exe
uRun: [k70ccreloc.exe] c:\documents and settings\administrator\application data\14b685d62dfa3d34ef1c41fa33576bbd\k70ccreloc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-2 135664]
.
=============== Created Last 30 ================
.
2011-05-31 10:38:01 -------- d-----w- c:\documents and settings\administrator\application data\Avira
2011-05-31 10:26:16 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-31 10:26:16 -------- d-----w- c:\program files\Trend Micro
2011-05-31 10:04:39 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-31 10:04:39 -------- d-----w- c:\program files\Avira
2011-05-31 10:04:39 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-05-31 09:57:51 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2011-04-13 00:49:31 0 ----a-w- c:\windows\Ajudaloqe.bin
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 11:53:04.76 ===============

*PC3 - attach log*

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 21/10/2009 18:58:15
System Uptime: 31/05/2011 10:07:42 (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0Y1057
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 27.396 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 186 GiB total, 173.671 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_10021102&REV_04\4&1C660DD6&0&50F0
Manufacturer: 
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_10021102&REV_04\4&1C660DD6&0&50F0
Service: 
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00601102&REV_04\4&1C660DD6&0&51F0
Manufacturer: 
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00601102&REV_04\4&1C660DD6&0&51F0
Service: 
.
==== System Restore Points ===================
.
RP362: 23/01/2011 19:43:00 - System Checkpoint
RP363: 26/01/2011 01:34:01 - System Checkpoint
RP364: 28/01/2011 19:16:33 - System Checkpoint
RP365: 29/01/2011 19:20:53 - System Checkpoint
RP366: 30/01/2011 19:48:54 - System Checkpoint
RP367: 01/02/2011 00:51:11 - System Checkpoint
RP368: 02/02/2011 02:40:22 - System Checkpoint
RP369: 04/02/2011 22:12:11 - System Checkpoint
RP370: 06/02/2011 19:27:49 - System Checkpoint
RP371: 08/02/2011 00:13:16 - System Checkpoint
RP372: 10/02/2011 23:18:53 - System Checkpoint
RP373: 12/02/2011 20:53:39 - System Checkpoint
RP374: 13/02/2011 21:52:51 - System Checkpoint
RP375: 14/02/2011 22:20:32 - System Checkpoint
RP376: 15/02/2011 22:37:01 - System Checkpoint
RP377: 17/02/2011 19:32:04 - System Checkpoint
RP378: 18/02/2011 20:10:30 - System Checkpoint
RP379: 19/02/2011 23:28:33 - System Checkpoint
RP380: 20/02/2011 23:47:24 - System Checkpoint
RP381: 22/02/2011 17:41:23 - System Checkpoint
RP382: 23/02/2011 20:45:08 - System Checkpoint
RP383: 24/02/2011 20:59:25 - System Checkpoint
RP384: 25/02/2011 21:37:19 - System Checkpoint
RP385: 26/02/2011 22:28:09 - System Checkpoint
RP386: 27/02/2011 23:14:13 - System Checkpoint
RP387: 01/03/2011 19:59:08 - System Checkpoint
RP388: 03/03/2011 01:17:42 - System Checkpoint
RP389: 05/03/2011 17:24:18 - System Checkpoint
RP390: 06/03/2011 19:49:51 - System Checkpoint
RP391: 07/03/2011 20:17:42 - System Checkpoint
RP392: 08/03/2011 21:21:37 - System Checkpoint
RP393: 10/03/2011 22:28:36 - System Checkpoint
RP394: 12/03/2011 02:39:12 - System Checkpoint
RP395: 13/03/2011 10:10:18 - System Checkpoint
RP396: 17/03/2011 05:04:59 - System Checkpoint
RP397: 18/03/2011 05:07:50 - System Checkpoint
RP398: 19/03/2011 12:46:48 - System Checkpoint
RP399: 20/03/2011 14:41:39 - System Checkpoint
RP400: 21/03/2011 19:51:27 - System Checkpoint
RP401: 23/03/2011 15:26:58 - System Checkpoint
RP402: 24/03/2011 19:27:36 - System Checkpoint
RP403: 26/03/2011 10:42:16 - System Checkpoint
RP404: 27/03/2011 13:31:14 - System Checkpoint
RP405: 29/03/2011 00:22:42 - System Checkpoint
RP406: 31/03/2011 00:58:19 - System Checkpoint
RP407: 01/04/2011 02:18:57 - System Checkpoint
RP408: 02/04/2011 12:47:31 - System Checkpoint
RP409: 03/04/2011 14:00:15 - System Checkpoint
RP410: 05/04/2011 19:43:28 - System Checkpoint
RP411: 09/04/2011 12:56:31 - System Checkpoint
RP412: 16/04/2011 15:27:25 - System Checkpoint
RP413: 17/04/2011 18:59:48 - System Checkpoint
RP414: 22/04/2011 20:30:43 - System Checkpoint
RP415: 24/04/2011 13:28:25 - System Checkpoint
RP416: 10/05/2011 15:16:53 - System Checkpoint
RP417: 30/05/2011 22:23:16 - System Checkpoint
RP418: 31/05/2011 11:17:10 - Installed HiJackThis
RP419: 31/05/2011 11:19:16 - Removed HiJackThis
RP420: 31/05/2011 11:21:14 - Installed HiJackThis
RP421: 31/05/2011 11:23:01 - Removed HiJackThis
RP422: 31/05/2011 11:26:15 - Installed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AirPlus G
ANIO Service
ANIWZCS2 Service
Avira AntiVir Personal - Free Antivirus
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Java Auto Updater
Java(TM) 6 Update 21
Junkyard Adventures in Space
Learning Ladder Year 4
Letts Practise Maths Stage 1
Malwarebytes' Anti-Malware
Microsoft Office 2000 SR-1 Premium
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
QuickTime
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SoundMAX
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 11:03:28, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
31/05/2011 11:03:28, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX3\redist.dll. Reference error message: The operation completed successfully. .
31/05/2011 11:03:28, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
31/05/2011 10:08:24, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
30/05/2011 21:57:22, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## GIRLY1 (May 11, 2011)

*PC3 - GMER log*

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-05-31 13:09:09
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18 WDC_WD400EB-75CPF0 rev.06.04G06
Running: mu3m9hvb.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtdipow.sys

---- System - GMER 1.0.15 ----
SSDT 899F7BF0 ZwAlertResumeThread
SSDT 89A18D28 ZwAlertThread
SSDT 89990180 ZwAllocateVirtualMemory
SSDT 899718B0 ZwConnectPort
SSDT B07E6C7E ZwCreateKey
SSDT 89AF1820 ZwCreateMutant
SSDT B07E6C74 ZwCreateThread
SSDT B07E6C83 ZwDeleteKey
SSDT B07E6C8D ZwDeleteValueKey
SSDT 89BA3550 ZwFreeVirtualMemory
SSDT 899C65A8 ZwImpersonateAnonymousToken
SSDT 899C6970 ZwImpersonateThread
SSDT B07E6C92 ZwLoadKey
SSDT 899ED308 ZwMapViewOfSection
SSDT 899C5CA8 ZwOpenEvent
SSDT B07E6C60 ZwOpenProcess
SSDT 89916948 ZwOpenProcessToken
SSDT B07E6C65 ZwOpenThread
SSDT 89920820 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0xF76BC880]
SSDT B07E6C9C ZwReplaceKey
SSDT B07E6C97 ZwRestoreKey
SSDT 899446B8 ZwResumeThread
SSDT 89AFAB98 ZwSetContextThread
SSDT 89AF42A0 ZwSetInformationProcess
SSDT 899516B8 ZwSetInformationThread
SSDT B07E6C88 ZwSetValueKey
SSDT 899C0AC0 ZwSuspendProcess
SSDT 895F9090 ZwSuspendThread
SSDT 89916C50 ZwTerminateProcess
SSDT 89A2E5F0 ZwTerminateThread
SSDT 89916290 ZwUnmapViewOfSection
SSDT 894531D8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\Drivers\SYMEVENT.SYS The system cannot find the file specified. !
?  System32\Drivers\SYMTDI.SYS The system cannot find the path specified. !
? C:\WINDOWS\system32\drivers\wpsdrvnt.sys The system cannot find the file specified. !
? C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys The system cannot find the file specified. !
? System32\Drivers\SYMREDRV.SYS The system cannot find the path specified. !
? C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2420] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3404] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1348] 0x60F10000 
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1348] 0x60FE0000 
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2680] 0x60F80000 
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2680] 0x683A0000 
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2680] 0x6AA70000 
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2680] 0x68390000 
---- EOF - GMER 1.0.15 ----


----------



## GIRLY1 (May 11, 2011)

PC3

Just been reminded that TDSSKill was run on PC3, cannot seem to find the logs or the TDSSkill program. Must have deleted them both after running. I did take a screenshot of the virus via NIS.


----------



## Cookiegal (Aug 27, 2003)

Yes, I remembered TDSSKiller had been run on this machine.

But this is bad news. The screenshot shows a Sality infection and this one is not curable. It's a file infector that infects all exe and other types of files and though it can sometimes be cleaned it generally leaves the files corrupt so there will always be problems remaining.

Do you know if this was found on the other PCs as well? I saw no indication of it.


----------



## Cookiegal (Aug 27, 2003)

You can read about this type of infection here:

http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


----------



## GIRLY1 (May 11, 2011)

The Sality infections are from 2009. The weird thing is that I have used PC3 since that time without experiencing any kind of file corruption/problems, no issues with Windows, etc.
This is cause for concern

In the screenshot it advised that they were cleaned, does this actually mean that they were not cleaned? And that they have been on the PC since this time doing more damage? But in a covert sort of way? And without causing any sort of problems when the PC was being used? 

I too did not see any indication at all that this virus was on the other two PC's.


----------



## Cookiegal (Aug 27, 2003)

It's possible, yes. The file may have been cleaned but the infection is buggy so when the cleaning is done it doesn't necessarily repair the files to their proper state.

We can try another scanner to see if any more are infected but that doesn't mean it's not damaged.

*Click here* to download *Dr.Web CureIt* and save it to your desktop.

Double-click the *drweb-cureit.exe* file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the *green arrow* at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:








If so, click it and then click the next icon right below and select *Move incurable* as you'll see in next image:








This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click *file* and choose *save report list*
Save the report to your desktop. The report will be called *DrWeb.csv*
Close Dr.Web Cureit.
*Reboot* your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


----------



## GIRLY1 (May 11, 2011)

*PC3*
Ok have run drweb-cureit , results pasted below. Apologies for taking so long to reply but scan took about 5-6 hours to finish.
There were no errors found in the express scan.
Below are results of the full scan.

8b096[1].pdf;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F1OABZ0W;Exploit.PDF.2187;Deleted.;

A0176570.exe;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1022;Win32.Sector.16;Cured.;

A0176592.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1022;Trojan.PWS.Spy.9300;Incurable.Moved.;

A0176598.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1022;Trojan.PWS.Spy.9300;Incurable.Moved.;

A0184278.exe;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1024;Win32.Sector.16;Cured.;

A0192009.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1024;Trojan.PWS.Spy.9300;Incurable.Moved.;

A0192021.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1024;Trojan.PWS.Spy.9300;Incurable.Moved.;


----------



## Cookiegal (Aug 27, 2003)

Dr. Web is showing Sality in system restore. We can flush the restore points but as I said before you're never 100% sure the system is trustworthy after this type of infection. I recommend that you back up important stuff but only the bare minimum that you can't do with such as photos, documents, music but no executables (programs, screen savers, things like that) as they are likely infected or corrupt.

I would also advise to run Dr. Web on the other two PCs and post those results please.
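
Added example, not part of the original thread: a Python triage of Dr.Web CureIt report lines in the `file;directory;threat;action;` shape posted for PC3, separating copies held in System Restore snapshots from browser-cache and live-file detections. The function names, location labels and verdict strings are assumptions of this example, as is treating the `Win32.Sector` prefix as the Sality file infector the thread discusses.

```python
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Rows copied from the PC3 Dr.Web report posted in this thread.
PC3_REPORT = r"""8b096[1].pdf;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F1OABZ0W;Exploit.PDF.2187;Deleted.;
A0176570.exe;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1022;Win32.Sector.16;Cured.;
A0176592.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1022;Trojan.PWS.Spy.9300;Incurable.Moved.;
A0176598.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1022;Trojan.PWS.Spy.9300;Incurable.Moved.;
A0184278.exe;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1024;Win32.Sector.16;Cured.;
A0192009.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1024;Trojan.PWS.Spy.9300;Incurable.Moved.;
A0192021.EXE;F:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1024;Trojan.PWS.Spy.9300;Incurable.Moved.;
"""

# Windows XP keeps restore points under <drive>:\System Volume Information\_restore{GUID}\RPnnn
RESTORE_RE = re.compile(
    r"^([A-Z]):\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(\d+)",
    re.IGNORECASE,
)

# Assumption: detection-name prefixes treated as file infectors (Sality here).
FILE_INFECTOR_PREFIXES = ("Win32.Sector",)


@dataclass
class Detection:
    file: str
    directory: str
    threat: str
    action: str
    location: str                      # "system-restore", "browser-cache" or "live"
    drive: Optional[str] = None
    restore_point: Optional[int] = None


def classify(directory):
    """Return (location, drive, restore_point_number) for a report directory."""
    match = RESTORE_RE.match(directory)
    if match:
        return "system-restore", match.group(1).upper(), int(match.group(2))
    if "\\temporary internet files\\" in directory.lower() + "\\":
        return "browser-cache", None, None
    return "live", None, None


def parse_report(text):
    """Parse semicolon-separated report lines; blank lines are skipped."""
    detections = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        fields = [field.strip() for field in row]
        if not any(fields):
            continue
        if len(fields) < 4:
            raise ValueError(f"malformed report line: {row!r}")
        name, directory, threat, action = fields[:4]
        location, drive, restore_point = classify(directory)
        detections.append(Detection(name, directory, threat, action.rstrip("."),
                                    location, drive, restore_point))
    return detections


def triage(detections):
    """Summarise where detections live and suggest the next step."""
    by_location = Counter(d.location for d in detections)
    restore_points = sorted({(d.drive, d.restore_point)
                             for d in detections if d.location == "system-restore"})
    live = [d for d in detections if d.location == "live"]
    file_infector = any(d.threat.startswith(FILE_INFECTOR_PREFIXES) for d in detections)
    if file_infector:
        verdict = "rebuild"                # executables can no longer be trusted
    elif live:
        verdict = "review-live"            # a person must judge each live file
    elif restore_points:
        verdict = "flush-restore-points"   # dormant copies only
    else:
        verdict = "no-further-action"
    return {"by_location": dict(by_location), "restore_points": restore_points,
            "live": live, "file_infector": file_infector, "verdict": verdict}


if __name__ == "__main__":
    result = triage(parse_report(PC3_REPORT))
    print(result["by_location"], result["restore_points"], result["verdict"])
```

A "Cured." action on a file-infector row still produces the `rebuild` verdict, since the repaired file may not be back in its proper state.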


----------



## GIRLY1 (May 11, 2011)

Ok have run drweb for *PC1* and *PC2*, results pasted below.

*PC1*
There were no errors found in the express scan for PC1
There were no errors found in the full scan for PC1. Could not save a log report since there were no errors but did a screen shot instead which is attached.

*PC2*
There were no errors found in the express scan for PC2
Below are results of full scan for PC2. Found 3.

acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK;Trojan.MulDrop2.3621;Incurable.Moved.;

A0002231.rbf;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10;Trojan.Swizzor.based;Deleted.;

A0006405.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP49;Trojan.MulDrop2.3621;Incurable.Moved.;


----------



## Cookiegal (Aug 27, 2003)

Nothing to worry about there. Two of those detections are in system restore and not a threat unless you actually do a system restore. We will be flushing the restore points now so that will take care of those. The other is a false positive.

So, I believe it's safe to assume that PC1 and PC2 didn't have a file infector like Sality although they had other infections. I assume they weren't always used by the same people or for the same purpose so that's understandable.

My recommendation is to definitely reformat PC3. It's the only way you will ever be sure that machine is trustworthy.

We can probably get by without reformatting PC1 and PC2 but you will have to install SP3 and that will tell the tale. If there are problems with the installation then a reformat will be necessary.

So before installing SP3 on PC1 and PC2, you need to back up anything that is important to you that you wouldn't want to lose such as photographs, documents, music files, etc. but you shouldn't back up programs, they should be reinstalled afterward using their original installation media.

In addition, we will uninstall ComboFix and flush the restore points on both PC1 and PC2 so please do this:

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration but the actual command used the entire word uninstall and just the u).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

Before installing SP3 there are some preparations that have to be done beforehand to reduce the risk of something going wrong. This MS article outlines all the steps that you have to take before the installation so please check both PCs to be sure all is in order as per this article:

http://support.microsoft.com/kb/950717

Let me know if you need help with any of those things.

Once you've installed SP3 on both PC1 and PC2 please post back with a new HijackThis log for each of those PCs. We will need to check further to see if there are other outdated programs that need to be updated as well.


----------



## GIRLY1 (May 11, 2011)

ComboFix has been uninstalled on PC2, we had already uninstalled it on PC1 earlier.

Have created System Restore points on both PC1 and PC2.

Please can you help on the following;

How can I check to see if I have the following updates installed on the PC's, as Windows XP SP3 cannot be installed if I do have the updates installed on the PC's?

Microsoft Shared Computer Toolkit 
Remote Desktop Connection (RDP) 6.0 MUI pack (Update 925877 for Windows XP) 

This can be a sticking point after SP3 has been installed.
I have a D-Link Wireless Adapter - DWL-G122, H/W Ver: C1, F/W Ver:3.10, have been reading that after installing SP3 a lot of users are having problems connecting again. And even after downloading the driver from the D-Link website.

Also have a Netgear WG111v3 wireless adapter, same as above.

I think it may be a good idea to do one PC at a time.

Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes, it would be best to do one PC at a time and see how that goes

Use HijackThis to generate an uninstall list and if these are installed they will be listed there:

Microsoft Shared Computer Toolkit - (_this will be the name that shows_)
Remote Desktop Connection (RDP) 6.0 MUI pack (Update 925877 for Windows XP) - this will show as an MS update number KB925877.


----------



## Cookiegal (Aug 27, 2003)

Make sure you have the latest drivers for your D-Link and Netgear before attempting the installation of SP3.

If you have connection problems after doing one PC we have networking people here who should be able to help out with that.


----------



## GIRLY1 (May 11, 2011)

, thank you.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## GIRLY1 (May 11, 2011)

Forgot to also ask is this the correct link?

http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3

Installing SP3 using Windows Update (recommended)
Manually installing SP3 using the Microsoft Download Center or a CD

or is it this one ?

http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en


----------



## Cookiegal (Aug 27, 2003)

It's best to get it through MS updates as it's a bit of a smaller download:

http://windowsupdate.microsoft.com/


----------



## GIRLY1 (May 11, 2011)

*PC2*

OK, have installed SP3 on PC2. Please find below HijackThis log 
Will do PC1 now.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:48, on 03/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
--
End of file - 5362 bytes


----------



## GIRLY1 (May 11, 2011)

*PC1*

Ok, have installed SP3 on PC1 now. HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:11, on 03/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6203 bytes


----------



## Cookiegal (Aug 27, 2003)

Very good! :up:

Now please visit MS updates and download and install any critical updates as there will be several since SP3 was issued.

Once you've done that, reboot them and then please run this program on both PC1 and PC2 and post the results. It will tell us what other programs are out of date and need updating.

http://secunia.com/vulnerability_scanning/online/


----------



## GIRLY1 (May 11, 2011)

Ok, have done the MS updates for both PC1 and PC2.

Secunia is currently running for PC1 but for PC2 I am getting the following warning message and so clicked cancel.

Warning: Your system does not appear to have Sun Java Installed. Sun Java is required for the Securia Online Software Inspector to work. You should consider downloading the latest version of Sun Java from
http://www.java.com/ before continuing. Press OK to proceed anyway,


----------



## Cookiegal (Aug 27, 2003)

Can you post this for PC2 please?

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## GIRLY1 (May 11, 2011)

*PC2 - Uninstall list*

725plc32
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AirPlus G
ANIO Service
ANIWZCS2 Service
ARTEuro
CinepPlayer 30 Update
Corel Paint Shop Pro X
Corel Photo Album 6
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
ESET Online Scanner v3
Google Update Helper
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java(TM) 6 Update 25
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Works 7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Media Format Runtime
Windows XP Service Pack 3


----------



## GIRLY1 (May 11, 2011)

*PC1 - Secunia scan*

Ok the Secunia scan for some reason stopped running ( the running time was not incrementing). So I stopped it and it aborted. 
Now re-running it again from scratch and it just finished, weird since the other stopped running at 27 minutes and this completed in 3 minutes.
*Detection Statistics:*

10 Applications Detected in Total
4 Insecure Versions Detected
6 Patched Versions Detected

| Programs / Result | Version Detected | Status |
|---|---|---|
| Adobe Reader 9.x | 9.3.2.163 | X |
| Mozilla Firefox 3.6.x | 3.6.3 | X |
| Skype for Windows 4.x | 4.1.0.179 | X |
| Macromedia Flash Player 6.x | 6.0.79.0 (ActiveX) | X |


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC1 - Secunia scan*
> 
> Ok the Secunia scan for some reason stopped running ( the running time was not incrementing). So I stopped it and it aborted.
> Now re-running it again from scratch and it just finished, weird since the other stopped running at 27 minutes and this completed in 3 minutes.
> ...


Please open this folder:

C:\WINDOWS\system32\Macromed\Flash

and let me know what file names are there that have the word flash in them with an .ocx extension, i.e.:

flash10q.ocx


----------



## Cookiegal (Aug 27, 2003)

For PC2 if you open IE and then click on Tools - Internet Options and then the Advanced tab, scroll down the list to Java. Does it say Sun Java and then beside it: Use JRE 1.6.0_25 for (requires restart)?


----------



## GIRLY1 (May 11, 2011)

*PC1*



> please open this folder:
> C:\windows\system32\macromed\flash
> and let me know what file names are there that have the word flash in them with an .ocx extension, i.e.:
> Flash10q.ocx


Flash10p.ocx
flash.ocx


----------



## GIRLY1 (May 11, 2011)

*PC2*



> For PC2 if you open IE and then click on Tools - Internet Options and then the Advanced tab, scroll down the list to Java. Does it say Sun Java and then beside it: Use JRE 1.6.0_25 for (requires restart)?


You are correct, the only slight difference is that at the beginning it is - Java(Sun)


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC1*
> 
> Flash10p.ocx
> flash.ocx


Right-click the *flash.ocx* file and select "rename" and rename it to *flash.old*.

Update your Skype program to the latest version.

Uninstall Adobe Reader first via the Control Panel - Add or Remove Programs and then reboot the machine to be sure it's completely uninstalled. Then go to the following link and download the latest version of Adobe Reader X (10.0.1). Use the Internet Explorer browser for the download.

http://get.adobe.com/reader/

As with the Adobe Flash Player download, be sure to uncheck any supplementary toolbar or program that may be offered along with Adobe Reader as you don't need those. They are not malicious but unnecessary and take up resources for no reason (which you are a bit short on).

Then reboot again and run Secunia again and report back with the results so I can see if anything remains that needs to be addressed.


----------



## Cookiegal (Aug 27, 2003)

For PC2, try running Secunia again and if it still says you don't have Java installed, click on the option to continue anyway and see if we get a report.


----------



## GIRLY1 (May 11, 2011)

*PC1*



> Right-click the *flash.ocx* file and select "rename" and rename it to *flash.old*.


Done



> Update your Skype program to the latest version.


Uninstalled Skype altogether



> Uninstall Adobe Reader first via the Control Panel - Add or Remove Programs and then reboot the machine to be sure it's completely uninstalled. Then go to the following link and download the latest version of Adobe Reader X (10.0.1). Use the Internet Explorer browser for the download.


Done

Secunia scan pasted below

Detection Statistics:

7 Applications Detected in Total
1 Insecure Version Detected
6 Patched Versions Detected

Errors with the scan:
0 Errors Detected, scan result should be correct

Status / Currently Processing:
Detection completed successfully

Programs / Result Version Detected Status 
Mozilla Firefox 3.6.x 3.6.3


----------



## GIRLY1 (May 11, 2011)

*PC2*



> For PC2, try running Secunia again and if it still says you don't have Java installed, click on the option to continue anyway and see if we get a report.


I click Ok and then get the following message from webpage;

There might be problems loading the Java Applet in your browser. If you are sure that Java is installed(version 1.6.x or later) and functional, then please press OK to proceed anyway.

So, I click OK and press start. The red curved lines in the bottom right expand and contract but the running time does not increment. After 15 minutes, I click on the stop icon of the scan but it has no effect, so I have to close the whole window down in order to stop it.


----------



## Cookiegal (Aug 27, 2003)

> 7 Applications Detected in Total
> 1 Insecure Version Detected
> 6 Patched Versions Detected


Does it identify what these are?


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC2*
> 
> I click Ok and then get the following message from webpage;
> 
> ...


Try running the PSI one instead:

http://secunia.com/vulnerability_scanning/personal/


----------



## GIRLY1 (May 11, 2011)

*PC2 PSI scan*

attached


----------



## GIRLY1 (May 11, 2011)

*PC1*

7 Applications Detected in Total
1 Insecure Version Detected
6 Patched Versions Detected



> Does it identify what these are?


Only the 1 Insecure Version Detected. In this case it was:

Programs / Result Version Detected Status 
Mozilla Firefox 3.6.x 3.6.3


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC2 PSI scan*
> 
> attached


Please uninstall that outdated version of Adobe Reader and install the latest as you did on the other PC.

Also, update the Quick Time program to the latest version.

Regarding the Macromedia one, please click the + sign beside that entry and see if it gives any more details. I'm not sure if that's Shockwave or not and it should give the name of the file it detected.


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC1*
> 
> 7 Applications Detected in Total
> 1 Insecure Version Detected
> ...


Sorry, I just realized it's 7 applications in total of which 6 are secure (patched) and 1 is not. You should update Firefox to the latest version, which is 4.0.1.


----------



## Cookiegal (Aug 27, 2003)

Have you reformatted PC3?


----------



## GIRLY1 (May 11, 2011)

*PC2*



> Please uninstall that outdated version of Adobe Reader and install the latest as you did on the other PC.


Done



> Also, update the Quick Time program to the latest version.


Uninstalled Quick Time altogether.



> Regarding the Macromedia one, please click the + sign beside that entry and see if it gives any more details. I'm not sure if that's Shockwave or not and it should give the name of the file it detected.


See below

Macromedia Flash Player 4.x (ActiveX) 4 End-of-Life 4.0.7.0 (ActiveX) 10.x (ActiveX) Install Solution 
Detected Instances:
C:\i386\swflash.ocx, version 4.0.7.0 (ActiveX)
C:\Program Files\Common Files\AOL\Flasha.ocx, version 6.0.80.0 (ActiveX)
C:\i386\Flash.ocx, version 7.0.19.0 (ActiveX)
C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx, version 10.2.159.1 (ActiveX)

Latest Version - patching one or more vulnerabilities:
10.x (ActiveX)


----------



## GIRLY1 (May 11, 2011)

> Have you reformatted PC3?


PC3 was the most used. I have so much stuff on PC3 that it's going to/taking some time to go through. Question. Is there a program I can use to send files through (docs/photos/PDFs, etc.) which would advise if they are infected or not? Just do not want to back them up if they are infected.

Thanks


----------



## Cookiegal (Aug 27, 2003)

You can delete these three files:

C:\i386\swflash.ocx
C:\Program Files\Common Files\AOL\Flasha.ocx
C:\i386\Flash.ocx

The following file is not very old so don't delete it (it's the current version you have) but there is already a newer version of Flash so you should be notified to update it soon by the program. Then you should allow it to do that so you have the latest version.

C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx, version 10.2.159.1 (ActiveX)

Regarding the playing of videos on PC1 and PC2, recent versions of flash attempt to use hardware acceleration by default and a lot of older video cards won't allow it so please do this:

Right-click any flash video and select "Settings". Then on the Display tab uncheck "Hardware Acceleration" and press the close button. Restart the browser and the videos should play properly.


----------
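The triage in the post above (remove the outdated Flash ActiveX copies, keep the newest one on disk and let it update), as an added example that is not part of the original thread. It parses the "Detected Instances" lines pasted earlier; the function names are hypothetical, and the reference version 10.3.181.14 is an assumption taken from the release named elsewhere in this thread.

```python
import re
from typing import NamedTuple

# "Detected Instances" lines as pasted from the Secunia PSI report in this thread.
PSI_OUTPUT = r"""
Detected Instances:
C:\i386\swflash.ocx, version 4.0.7.0 (ActiveX)
C:\Program Files\Common Files\AOL\Flasha.ocx, version 6.0.80.0 (ActiveX)
C:\i386\Flash.ocx, version 7.0.19.0 (ActiveX)
C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx, version 10.2.159.1 (ActiveX)
"""


class Instance(NamedTuple):
    path: str
    version: tuple  # numeric components, e.g. (10, 2, 159, 1)
    kind: str       # e.g. "ActiveX"


# "<drive path>, version <dotted number> (<kind>)"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?),\s*version\s+"
    r"(?P<ver>\d+(?:\.\d+)*)\s*\((?P<kind>[^)]+)\)\s*$"
)


def parse_version(text):
    """Turn '10.2.159.1' into (10, 2, 159, 1).

    Comparing the raw strings would rank '10.2.159.1' below '4.0.7.0',
    so versions are always compared as tuples of integers.
    """
    return tuple(int(part) for part in text.split("."))


def parse_instances(report):
    """Extract every detected instance line from a pasted report."""
    found = []
    for line in report.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            found.append(
                Instance(match["path"], parse_version(match["ver"]), match["kind"])
            )
    return found


def triage(instances, latest):
    """Sort instances into the three outcomes used in the post above.

    remove  - older than the newest copy found on disk (leftover duplicates)
    update  - newest copy on disk, but older than the reference version
    current - at or above the reference version
    """
    result = {"remove": [], "update": [], "current": []}
    if not instances:
        return result
    newest_on_disk = max(inst.version for inst in instances)
    for inst in instances:
        if inst.version < newest_on_disk:
            result["remove"].append(inst)
        elif inst.version < latest:
            result["update"].append(inst)
        else:
            result["current"].append(inst)
    return result


if __name__ == "__main__":
    # Assumption: 10.3.181.14 is used as the reference release.
    report = triage(parse_instances(PSI_OUTPUT), parse_version("10.3.181.14"))
    for action, items in report.items():
        for inst in items:
            dotted = ".".join(str(n) for n in inst.version)
            print(f"{action:8} {dotted:12} {inst.path}")
```
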



## GIRLY1 (May 11, 2011)

*PC2*



> You can delete these three files:
> C:\i386\swflash.ocx
> C:\Program Files\Common Files\AOL\Flasha.ocx
> C:\i386\Flash.ocx


Deleted as requested.



> Right-click any flash video and select "Settings". Then on the Display tab uncheck "Hardware Acceleration" and press the close button. Restart the browser and the videos should play properly.


I have actioned this but it is still the same. I have even rebooted and it is the same.
Thanks


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC2*
> 
> Deleted as requested.
> 
> ...


All I can suggest is that you need to add more RAM to the PCs to increase the capacity to run these programs. I would add another 512 to bring it up to 1024 and you should notice a difference. It's also possible the video card can't handle it. How old are these computers?


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> PC3 was the most used. I have so much stuff on PC3 that it's going to/taking some time to go through. Question. Is there a program I can use to send files through (docs/photos/PDFs, etc.) which would advise if they are infected or not? Just do not want to back them up if they are infected.
> 
> Thanks


I don't recommend backing up pdf files as they could be infected. You're best to just back up documents, photos/images, music and if there are any e-mails you don't want to lose.


----------



## GIRLY1 (May 11, 2011)

> All I can suggest is that you need to add more RAM to the PCs to increase the capacity to run these programs. I would add another 512 to bring it up to 1024 and you should notice a difference. It's also possible the video card can't handle it. How old are these computers?


Thank you for your suggestion. But the only thing is that, as per post 46, everything was working fine with the current spec. It was not until Adobe Flash Player 10.3.181.14 was installed that I started to get these problems. I believe it is possibly more of a software or setting related problem than a hardware problem.
This problem is only on PC2 and not on PC1 (which is working fine), which has a similar spec.

PC1 Spec - Celeron(R) CPU 2.40GHz, 2.39 GHz, 512MB of RAM
PC2 Spec - Pentium(R) 4 CPU 2.80GHz, 2.79 GHz, 512MB of RAM


----------



## Cookiegal (Aug 27, 2003)

I thought you said the problem existed on both PCs but was a bit worse on PC2.

Can you run a new OTS scan for each PC and upload those logs please?


----------



## GIRLY1 (May 11, 2011)

Please find below *PC1 & PC2* OTS scan logs

*PC2*

OTS logfile created on: 06/06/2011 21:55:08 - Run 2
OTS by OldTimer - Version 3.1.43.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 62.12 Gb Free Space | 86.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D6KLM72J
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2011/05/24 12:09:12 | 000,645,632 | ---- | M] (OldTimer Tools)
psia.exe -> C:\Program Files\Secunia\PSI\psia.exe -> [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia)
psi_tray.exe -> C:\Program Files\Secunia\PSI\psi_tray.exe -> [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia)
ccsvchst.exe -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe -> [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
airgcfg.exe -> C:\Program Files\D-Link\AirPlus G\AirGCFG.exe -> [2006/11/17 16:54:00 | 001,552,384 | ---- | M] (D-Link)
wzcsldr2.exe -> C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> [2006/06/29 17:34:20 | 000,049,152 | ---- | M] (Alpha Networks Inc.)
realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe -> [2006/04/27 01:35:22 | 000,026,112 | ---- | M] (RealNetworks, Inc.)
dmxlauncher.exe -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [2005/11/01 03:12:00 | 000,094,208 | ---- | M] ()
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2011/05/24 12:09:12 | 000,645,632 | ---- | M] (OldTimer Tools)
asoehook.dll -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll -> [2011/04/29 01:29:01 | 000,413,112 | R--- | M] (Symantec Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
msvcr90.dll -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll -> [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation)
msvcp90.dll -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll -> [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] -> -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> -> File not found
(Secunia PSI Agent) Secunia PSI Agent [Auto | Running] -> C:\Program Files\Secunia\PSI\PSIA.exe -> [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia)
(NIS) Norton Internet Security [Unknown | Running] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -> [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
(ANIWZCSdService) ANIWZCSd Service [Auto | Stopped] -> C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> [2006/07/03 15:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.)

[Driver Services - Safe List]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110606.002\navex15.sys -> [2011/06/06 17:21:14 | 001,542,392 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110606.002\naveng.sys -> [2011/06/06 17:21:13 | 000,086,008 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2011/05/10 10:59:55 | 000,374,392 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/05/10 10:59:55 | 000,105,592 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2011/05/09 23:52:35 | 000,126,584 | ---- | M] (Symantec Corporation)
(BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys -> [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation)
(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -> [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -> [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation)
(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -> [2011/03/22 01:39:49 | 000,369,784 | ---- | M] (Symantec Corporation)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -> [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation)
(IDSxpx86) IDSxpx86 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110603.003\IDSXpx86.sys -> [2011/03/14 19:58:34 | 000,341,944 | ---- | M] (Symantec Corporation)
(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -> [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation)
(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -> [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation)
(PSI) PSI [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2006/04/27 01:35:24 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(ANIO) ANIO Service [Kernel | Auto | Running] -> C:\WINDOWS\system32\ANIO.sys -> [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.)
(RT73) D-Link USB Wireless LAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Dr71WU.sys -> [2005/11/03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> -> 
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN\] -> [2011/05/10 09:58:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\] -> [2011/05/09 23:52:06 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/05/22 22:39:38 | 000,000,698 | R--- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll [Symantec NCO BHO] -> [2011/04/28 23:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll [Symantec Intrusion Prevention] -> [2011/03/31 04:01:20 | 000,210,872 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll [Norton Toolbar] -> [2011/04/28 23:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll [Norton Toolbar] -> [2011/04/28 23:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2011/01/30 16:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated)
"ANIWZCS2Service" -> C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> [2006/06/29 17:34:20 | 000,049,152 | ---- | M] (Alpha Networks Inc.)
"D-Link AirPlus G" -> C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [C:\Program Files\D-Link\AirPlus G\AirGCFG.exe] -> [2006/11/17 16:54:00 | 001,552,384 | ---- | M] (D-Link)
"DMXLauncher" -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/11/01 03:12:00 | 000,094,208 | ---- | M] ()
"RealTray" -> C:\Program Files\Real\RealPlayer\RealPlay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2006/04/27 01:35:22 | 000,026,112 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe -> [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos-beta/OnlineScanner.cab [OnlineScanner Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2DBAD924-D8C9-442D-A0FB-ECE5788335E2}\\DhcpNameServer -> 192.168.0.1 (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C)) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Corel Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe -> [2006/02/09 23:34:54 | 000,106,496 | ---- | M] (Corel, Inc.)
DLA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
ISUSPM Startup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation)
ISUSScheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2006/04/27 01:35:57 | 000,098,304 | ---- | M] (Apple Computer, Inc.)
SoundMAXPnP hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2011/01/07 13:12:22 | 000,253,672 | ---- | M] (Sun Microsystems, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 15/05/2011 15:42:11 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 15/05/2011 16:42:27 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: This operation returned because the timeout period expired. 
Application [ Error ] 15/05/2011 16:42:27 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 15/05/2011 16:42:27 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 15/05/2011 16:42:27 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 15/05/2011 17:42:43 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: This operation returned because the timeout period expired. 
Application [ Error ] 15/05/2011 17:42:43 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 15/05/2011 17:42:44 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 15/05/2011 17:42:44 Computer Name = D6KLM72J | Source = crypt32 | ID = 131077 -> Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The specified server cannot perform the requested operation. 
Application [ Error ] 16/05/2011 03:26:33 Computer Name = D6KLM72J | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. 
System [ Error ] 18/05/2011 15:44:45 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:45 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:46 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:46 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:46 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:46 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:46 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126
System [ Error ] 18/05/2011 15:44:46 Computer Name = D6KLM72J | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126

[Files/Folders - Created Within 30 Days]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [2011/06/06 10:28:57 | 000,000,000 | ---D | C]
Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2011/06/06 10:28:43 | 000,000,000 | ---D | C]
Secunia PSI -> C:\Documents and Settings\Admin\Local Settings\Application Data\Secunia PSI -> [2011/06/05 20:53:55 | 000,000,000 | ---D | C]
Secunia -> C:\Program Files\Secunia -> [2011/06/05 20:53:25 | 000,000,000 | ---D | C]
PSISetup.exe -> C:\Documents and Settings\Admin\Desktop\PSISetup.exe -> [2011/06/05 20:50:21 | 001,739,400 | ---- | C] (Secunia)
ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2011/06/03 20:29:51 | 000,040,960 | ---- | C] (Microsoft Corporation)
wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2011/06/03 20:29:23 | 000,045,568 | ---- | C] (Microsoft Corporation)
mfc40.dll -> C:\WINDOWS\System32\dllcache\mfc40.dll -> [2011/06/03 20:28:08 | 000,954,368 | ---- | C] (Microsoft Corporation)
mfc40u.dll -> C:\WINDOWS\System32\dllcache\mfc40u.dll -> [2011/06/03 20:28:06 | 000,953,856 | ---- | C] (Microsoft Corporation)
mfc42.dll -> C:\WINDOWS\System32\dllcache\mfc42.dll -> [2011/06/03 20:28:05 | 000,978,944 | ---- | C] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\System32\dllcache\comctl32.dll -> [2011/06/03 20:27:07 | 000,617,472 | ---- | C] (Microsoft Corporation)
Prefetch -> C:\WINDOWS\Prefetch -> [2011/06/03 14:52:23 | 000,000,000 | ---D | C]
scripting -> C:\WINDOWS\System32\scripting -> [2011/06/03 14:18:47 | 000,000,000 | ---D | C]
l2schemas -> C:\WINDOWS\l2schemas -> [2011/06/03 14:18:46 | 000,000,000 | ---D | C]
en -> C:\WINDOWS\System32\en -> [2011/06/03 14:18:44 | 000,000,000 | ---D | C]
bits -> C:\WINDOWS\System32\bits -> [2011/06/03 14:18:43 | 000,000,000 | ---D | C]
network diagnostic -> C:\WINDOWS\network diagnostic -> [2011/06/03 14:04:55 | 000,000,000 | ---D | C]
$NtServicePackUninstall$ -> C:\WINDOWS\$NtServicePackUninstall$ -> [2011/06/03 13:56:39 | 000,000,000 | -H-D | C]
EHome -> C:\WINDOWS\EHome -> [2011/06/03 13:56:33 | 000,000,000 | ---D | C]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [2011/06/03 13:43:39 | 000,000,000 | ---D | C]
DoctorWeb -> C:\Documents and Settings\Admin\DoctorWeb -> [2011/06/02 08:26:59 | 000,000,000 | ---D | C]
fp_10.2.159.1_archive -> C:\Documents and Settings\Admin\Desktop\fp_10.2.159.1_archive -> [2011/05/28 16:18:42 | 000,000,000 | ---D | C]
uninstall_flash_player.exe -> C:\Documents and Settings\Admin\Desktop\uninstall_flash_player.exe -> [2011/05/28 16:00:04 | 000,240,288 | ---- | C] (Adobe Systems, Inc.)
RECYCLER -> C:\RECYCLER -> [2011/05/27 23:30:55 | 000,000,000 | -HSD | C]
tdsskiller -> C:\Documents and Settings\Admin\Desktop\tdsskiller -> [2011/05/27 23:13:13 | 000,000,000 | ---D | C]
My Videos -> C:\Documents and Settings\All Users\Documents\My Videos -> [2011/05/27 22:08:27 | 000,000,000 | R--D | C]
My Videos -> C:\Documents and Settings\Admin\My Documents\My Videos -> [2011/05/27 22:08:27 | 000,000,000 | R--D | C]
Administrative Tools -> C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools -> [2011/05/27 22:08:21 | 000,000,000 | R--D | C]
_OTS -> C:\_OTS -> [2011/05/27 18:23:07 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2011/05/27 16:52:53 | 000,645,632 | ---- | C] (OldTimer Tools)
HostsXpert 4.3 -> C:\HostsXpert 4.3 -> [2011/05/22 22:36:26 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2011/05/21 10:25:01 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2011/05/21 10:20:41 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google -> [2011/05/21 10:18:25 | 000,000,000 | ---D | C]
Google -> C:\Program Files\Google -> [2011/05/21 10:12:08 | 000,000,000 | ---D | C]
aswMBR.exe -> C:\Documents and Settings\Admin\Desktop\aswMBR.exe -> [2011/05/20 22:32:34 | 000,589,632 | ---- | C] (AVAST Software)
ESET -> C:\Program Files\ESET -> [2011/05/20 19:25:34 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2011/05/19 23:26:35 | 000,000,000 | RHSD | C]
backups -> C:\Documents and Settings\Admin\Desktop\backups -> [2011/05/19 22:37:41 | 000,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2011/05/19 22:30:59 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2011/05/18 20:49:43 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Common Files\Java -> [2011/05/18 20:49:42 | 000,000,000 | ---D | C]
deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/05/18 20:49:28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/05/18 20:49:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/05/18 20:49:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2011/05/18 20:49:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/05/18 20:49:28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.)
jre-6u25-windows-i586.exe -> C:\Documents and Settings\Admin\Desktop\jre-6u25-windows-i586.exe -> [2011/05/18 20:42:29 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.)
AdobeUM -> C:\Documents and Settings\Admin\Application Data\AdobeUM -> [2011/05/13 12:07:34 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe -> [2011/05/13 12:07:27 | 000,000,000 | ---D | C]
My eBooks -> C:\Documents and Settings\Admin\My Documents\My eBooks -> [2011/05/13 12:07:15 | 000,000,000 | ---D | C]
Adobe -> C:\Program Files\Common Files\Adobe -> [2011/05/13 12:07:01 | 000,000,000 | ---D | C]
HijackThis.exe -> C:\Documents and Settings\Admin\Desktop\HijackThis.exe -> [2011/05/12 19:30:35 | 000,388,608 | ---- | C] (Trend Micro Inc.)
Identities -> C:\Documents and Settings\Admin\Local Settings\Application Data\Identities -> [2011/05/08 15:42:20 | 000,000,000 | ---D | C]
surj -> C:\surj -> [2011/05/08 15:20:43 | 000,000,000 | ---D | C]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2011/06/06 21:25:03 | 000,000,884 | ---- | M] ()
ANIWZCSUSERNAME{2DBAD924-D8C9-442D-A0FB-ECE5788335E2} -> C:\WINDOWS\System32\ANIWZCSUSERNAME{2DBAD924-D8C9-442D-A0FB-ECE5788335E2} -> [2011/06/06 18:25:26 | 000,000,006 | ---- | M] ()
ANIWZCSUSERNAME -> C:\WINDOWS\System32\ANIWZCSUSERNAME -> [2011/06/06 18:25:20 | 000,000,007 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2011/06/06 18:25:15 | 000,000,880 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/06/06 18:25:07 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/06/06 18:24:50 | 534,827,008 | -HS- | M] ()
Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk -> [2011/06/06 10:41:00 | 000,001,734 | ---- | M] ()
Secunia PSI Tray.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk -> [2011/06/06 09:48:24 | 000,000,753 | ---- | M] ()
PSISetup.exe -> C:\Documents and Settings\Admin\Desktop\PSISetup.exe -> [2011/06/06 09:46:45 | 001,739,400 | ---- | M] (Secunia)
psi scan.JPG -> C:\Documents and Settings\Admin\Desktop\psi scan.JPG -> [2011/06/05 22:00:15 | 000,066,042 | ---- | M] ()
psi scan.rtf -> C:\Documents and Settings\Admin\Desktop\psi scan.rtf -> [2011/06/05 21:50:48 | 001,983,672 | ---- | M] ()
sun java.rtf -> C:\Documents and Settings\Admin\Desktop\sun java.rtf -> [2011/06/05 18:01:43 | 000,993,562 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/06/03 21:20:43 | 000,126,912 | ---- | M] ()
Cat.DB -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB -> [2011/06/03 21:07:03 | 001,168,298 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/06/03 21:06:50 | 000,001,355 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/06/03 20:21:57 | 000,002,206 | ---- | M] ()
{D9ACA689-B3FD-49FE-816C-DDAF6E87A0FF} -> C:\{D9ACA689-B3FD-49FE-816C-DDAF6E87A0FF} -> [2011/06/03 19:50:14 | 000,007,824 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/06/03 14:56:32 | 000,381,692 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/06/03 14:56:31 | 000,053,436 | ---- | M] ()
WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2011/06/03 14:55:40 | 000,316,640 | ---- | M] ()
ntldr -> C:\ntldr -> [2011/06/03 14:04:04 | 000,250,048 | RHS- | M] ()
uninstall_list1 -> C:\Documents and Settings\Admin\Desktop\uninstall_list1 -> [2011/06/02 21:09:15 | 000,004,428 | ---- | M] ()
combo warning.rtf -> C:\Documents and Settings\Admin\Desktop\combo warning.rtf -> [2011/06/02 15:38:54 | 000,538,863 | ---- | M] ()
drweb scan.rtf -> C:\Documents and Settings\Admin\Desktop\drweb scan.rtf -> [2011/06/02 13:21:45 | 001,587,765 | ---- | M] ()
DrWeb.csv -> C:\Documents and Settings\Admin\Desktop\DrWeb.csv -> [2011/06/02 13:19:38 | 000,000,369 | ---- | M] ()
drweb-cureit.exe -> C:\Documents and Settings\Admin\Desktop\drweb-cureit.exe -> [2011/06/01 23:43:06 | 064,584,512 | ---- | M] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2011/05/30 22:27:18 | 000,000,754 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2011/05/30 18:44:20 | 000,000,327 | RHS- | M] ()
synchro.rtf -> C:\Documents and Settings\Admin\Desktop\synchro.rtf -> [2011/05/29 19:27:33 | 002,596,569 | ---- | M] ()
vm.rtf -> C:\Documents and Settings\Admin\Desktop\vm.rtf -> [2011/05/29 18:09:04 | 000,927,647 | ---- | M] ()
fp_10.2.159.1_archive.zip -> C:\Documents and Settings\Admin\Desktop\fp_10.2.159.1_archive.zip -> [2011/05/28 16:13:01 | 069,557,535 | ---- | M] ()
uninstall_flash_player.exe -> C:\Documents and Settings\Admin\Desktop\uninstall_flash_player.exe -> [2011/05/28 16:00:06 | 000,240,288 | ---- | M] (Adobe Systems, Inc.)
MBR.zip -> C:\Documents and Settings\Admin\Desktop\MBR.zip -> [2011/05/27 23:39:48 | 000,000,579 | ---- | M] ()
MBR.dat -> C:\Documents and Settings\Admin\Desktop\MBR.dat -> [2011/05/27 23:30:59 | 000,000,512 | ---- | M] ()
aswMBR.exe -> C:\Documents and Settings\Admin\Desktop\aswMBR.exe -> [2011/05/27 23:29:39 | 000,589,632 | ---- | M] (AVAST Software)
MBRCheck.exe -> C:\Documents and Settings\Admin\Desktop\MBRCheck.exe -> [2011/05/27 23:23:50 | 000,080,384 | ---- | M] ()
tdsskiller.zip -> C:\Documents and Settings\Admin\Desktop\tdsskiller.zip -> [2011/05/27 23:12:27 | 001,301,452 | ---- | M] ()
adobe1.rtf -> C:\Documents and Settings\Admin\Desktop\adobe1.rtf -> [2011/05/27 19:50:10 | 001,313,386 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2011/05/24 12:09:12 | 000,645,632 | ---- | M] (OldTimer Tools)
hijackthis1 -> C:\Documents and Settings\Admin\Desktop\hijackthis1 -> [2011/05/22 22:50:29 | 000,006,974 | ---- | M] ()
{D9A83030-6A9C-4EE2-B21B-DA47C9AB39C3} -> C:\{D9A83030-6A9C-4EE2-B21B-DA47C9AB39C3} -> [2011/05/22 19:42:45 | 000,011,136 | ---- | M] ()
uyxz5p18.exe -> C:\Documents and Settings\Admin\Desktop\uyxz5p18.exe -> [2011/05/20 23:38:08 | 000,302,080 | ---- | M] ()
combofix instructions.wps -> C:\Documents and Settings\Admin\Desktop\combofix instructions.wps -> [2011/05/19 19:48:52 | 013,003,776 | ---- | M] ()
dds.scr -> C:\Documents and Settings\Admin\Desktop\dds.scr -> [2011/05/18 21:49:09 | 000,625,664 | ---- | M] ()
deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/05/18 20:49:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/05/18 20:49:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/05/18 20:49:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2011/05/18 20:49:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/05/18 20:49:01 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
jre-6u25-windows-i586.exe -> C:\Documents and Settings\Admin\Desktop\jre-6u25-windows-i586.exe -> [2011/05/18 20:42:29 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.)
uninstall_list_PC2 -> C:\Documents and Settings\Admin\Desktop\uninstall_list_PC2 -> [2011/05/18 18:00:34 | 000,004,426 | ---- | M] ()
dhi.pdf -> C:\Documents and Settings\Admin\Desktop\dhi.pdf -> [2011/05/17 11:06:37 | 002,885,116 | ---- | M] ()
HijackThis.exe -> C:\Documents and Settings\Admin\Desktop\HijackThis.exe -> [2011/05/12 19:30:38 | 000,388,608 | ---- | M] (Trend Micro Inc.)
Norton Internet Security.LNK -> C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK -> [2011/05/10 09:58:31 | 000,001,973 | ---- | M] ()
SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2011/05/09 23:52:35 | 000,126,584 | ---- | M] (Symantec Corporation)
S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2011/05/09 23:52:35 | 000,060,872 | ---- | M] (Symantec Corporation)
SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2011/05/09 23:52:35 | 000,007,468 | ---- | M] ()
SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2011/05/09 23:52:35 | 000,000,806 | ---- | M] ()
13 C:\Documents and Settings\Admin\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Admin\Local Settings\temp\*.tmp -> 
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk -> [2011/06/06 10:40:57 | 000,001,734 | ---- | C] ()
Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk -> [2011/06/06 10:40:56 | 000,001,804 | ---- | C] ()
Secunia PSI Tray.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk -> [2011/06/06 09:48:23 | 000,000,753 | ---- | C] ()
Secunia PSI.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk -> [2011/06/06 09:48:22 | 000,000,716 | ---- | C] ()
psi scan.JPG -> C:\Documents and Settings\Admin\Desktop\psi scan.JPG -> [2011/06/05 22:00:15 | 000,066,042 | ---- | C] ()
psi scan.rtf -> C:\Documents and Settings\Admin\Desktop\psi scan.rtf -> [2011/06/05 21:50:47 | 001,983,672 | ---- | C] ()
sun java.rtf -> C:\Documents and Settings\Admin\Desktop\sun java.rtf -> [2011/06/03 21:26:39 | 000,993,562 | ---- | C] ()
{D9ACA689-B3FD-49FE-816C-DDAF6E87A0FF} -> C:\{D9ACA689-B3FD-49FE-816C-DDAF6E87A0FF} -> [2011/06/03 19:50:14 | 000,007,824 | ---- | C] ()
uninstall_list1 -> C:\Documents and Settings\Admin\Desktop\uninstall_list1 -> [2011/06/02 21:09:15 | 000,004,428 | ---- | C] ()
combo warning.rtf -> C:\Documents and Settings\Admin\Desktop\combo warning.rtf -> [2011/06/02 15:38:54 | 000,538,863 | ---- | C] ()
drweb scan.rtf -> C:\Documents and Settings\Admin\Desktop\drweb scan.rtf -> [2011/06/02 13:21:45 | 001,587,765 | ---- | C] ()
DrWeb.csv -> C:\Documents and Settings\Admin\Desktop\DrWeb.csv -> [2011/06/02 13:19:38 | 000,000,369 | ---- | C] ()
drweb-cureit.exe -> C:\Documents and Settings\Admin\Desktop\drweb-cureit.exe -> [2011/06/01 23:42:11 | 064,584,512 | ---- | C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2011/05/30 22:27:18 | 000,000,754 | ---- | C] ()
synchro.rtf -> C:\Documents and Settings\Admin\Desktop\synchro.rtf -> [2011/05/29 19:15:38 | 002,596,569 | ---- | C] ()
vm.rtf -> C:\Documents and Settings\Admin\Desktop\vm.rtf -> [2011/05/29 18:09:03 | 000,927,647 | ---- | C] ()
fp_10.2.159.1_archive.zip -> C:\Documents and Settings\Admin\Desktop\fp_10.2.159.1_archive.zip -> [2011/05/28 16:12:34 | 069,557,535 | ---- | C] ()
MBR.zip -> C:\Documents and Settings\Admin\Desktop\MBR.zip -> [2011/05/27 23:39:48 | 000,000,579 | ---- | C] ()
tdsskiller.zip -> C:\Documents and Settings\Admin\Desktop\tdsskiller.zip -> [2011/05/27 23:12:10 | 001,301,452 | ---- | C] ()
adobe1.rtf -> C:\Documents and Settings\Admin\Desktop\adobe1.rtf -> [2011/05/27 19:50:10 | 001,313,386 | ---- | C] ()
hijackthis1 -> C:\Documents and Settings\Admin\Desktop\hijackthis1 -> [2011/05/22 22:50:28 | 000,006,974 | ---- | C] ()
{D9A83030-6A9C-4EE2-B21B-DA47C9AB39C3} -> C:\{D9A83030-6A9C-4EE2-B21B-DA47C9AB39C3} -> [2011/05/22 19:42:45 | 000,011,136 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2011/05/21 10:20:34 | 000,000,884 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2011/05/21 10:20:33 | 000,000,880 | ---- | C] ()
uyxz5p18.exe -> C:\Documents and Settings\Admin\Desktop\uyxz5p18.exe -> [2011/05/20 23:38:07 | 000,302,080 | ---- | C] ()
MBR.dat -> C:\Documents and Settings\Admin\Desktop\MBR.dat -> [2011/05/20 22:33:50 | 000,000,512 | ---- | C] ()
MBRCheck.exe -> C:\Documents and Settings\Admin\Desktop\MBRCheck.exe -> [2011/05/20 20:51:45 | 000,080,384 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2011/05/19 23:26:40 | 000,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2011/05/19 23:26:38 | 000,260,272 | RHS- | C] ()
combofix instructions.wps -> C:\Documents and Settings\Admin\Desktop\combofix instructions.wps -> [2011/05/19 19:48:48 | 013,003,776 | ---- | C] ()
dds.scr -> C:\Documents and Settings\Admin\Desktop\dds.scr -> [2011/05/18 21:49:05 | 000,625,664 | ---- | C] ()
uninstall_list_PC2 -> C:\Documents and Settings\Admin\Desktop\uninstall_list_PC2 -> [2011/05/18 18:00:34 | 000,004,426 | ---- | C] ()
dhi.pdf -> C:\Documents and Settings\Admin\Desktop\dhi.pdf -> [2011/05/17 11:06:29 | 002,885,116 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2011/05/06 21:49:14 | 000,000,002 | ---- | C] ()
JJAKEn.dll -> C:\WINDOWS\System32\JJAKEn.dll -> [2011/05/05 20:53:35 | 000,049,152 | ---- | C] ()
rt2661.bin -> C:\WINDOWS\System32\drivers\rt2661.bin -> [2011/05/05 20:53:17 | 000,008,192 | R--- | C] ()
rt2561s.bin -> C:\WINDOWS\System32\drivers\rt2561s.bin -> [2011/05/05 20:53:17 | 000,008,192 | R--- | C] ()
rt2561.bin -> C:\WINDOWS\System32\drivers\rt2561.bin -> [2011/05/05 20:53:17 | 000,008,192 | R--- | C] ()
rt73.bin -> C:\WINDOWS\System32\drivers\rt73.bin -> [2011/05/05 20:53:16 | 000,002,048 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/04/27 01:40:32 | 000,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/04/27 01:38:22 | 000,000,126 | ---- | C] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2006/04/27 01:34:39 | 000,000,335 | ---- | C] ()
e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2006/04/27 01:13:52 | 000,012,288 | ---- | C] ()
setpwrcg.exe -> C:\WINDOWS\setpwrcg.exe -> [2006/04/27 01:13:40 | 000,049,152 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/04/27 01:13:28 | 000,000,475 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/10 08:56:34 | 000,000,000 | ---- | C] ()
dlcfplc.ini -> C:\WINDOWS\System32\dlcfplc.ini -> [2005/08/31 12:11:14 | 000,000,442 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2004/08/10 13:07:31 | 000,002,048 | --S- | C] ()
emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2004/08/10 13:02:15 | 000,021,640 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2004/08/10 12:57:15 | 000,126,912 | ---- | C] ()
secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/10 12:51:21 | 000,004,569 | ---- | C] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2004/08/10 12:51:20 | 000,381,692 | ---- | C] ()
perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/10 12:51:20 | 000,272,128 | ---- | C] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2004/08/10 12:51:20 | 000,053,436 | ---- | C] ()
perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/10 12:51:20 | 000,028,626 | ---- | C] ()
oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2004/08/10 12:51:18 | 000,004,627 | ---- | C] ()
oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2004/08/10 12:51:17 | 013,107,200 | ---- | C] ()
noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/10 12:51:16 | 000,000,741 | ---- | C] ()
mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/10 12:51:12 | 000,673,088 | ---- | C] ()
mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/10 12:51:11 | 000,046,258 | ---- | C] ()
dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/10 12:51:05 | 000,218,003 | ---- | C] ()
dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/10 12:50:56 | 000,001,804 | ---- | C] ()
< End of report >


----------



## GIRLY1 (May 11, 2011)

*PC1 OTS Scan Log*

OTS logfile created on: 06/06/2011 22:01:27 - Run 6
OTS by OldTimer - Version 3.1.43.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 25.93 Gb Free Space | 67.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLRICE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/05/24 12:09:10 | 000,645,632 | ---- | M] (OldTimer Tools)
java.exe -> C:\Program Files\Java\jre6\bin\java.exe -> [2011/05/18 20:32:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
ccsvchst.exe -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe -> [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
ccsvchst.exe -> C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -> [2010/11/24 03:21:18 | 000,130,000 | R--- | M] (Symantec Corporation)
pcsuite.exe -> C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -> [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia)
servicelayer.exe -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia)
nclusbsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [2009/10/27 10:15:44 | 000,132,608 | ---- | M] (Nokia)
nclrssrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe -> [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia)
lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.)
wg111v3.exe -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2008/12/11 16:38:04 | 002,322,432 | ---- | M] ()
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/05/24 12:09:10 | 000,645,632 | ---- | M] (OldTimer Tools)
asoehook.dll -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll -> [2011/04/29 01:29:01 | 000,413,112 | R--- | M] (Symantec Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
msvcr90.dll -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll -> [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation)
msvcp90.dll -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll -> [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -> [2011/05/19 13:41:18 | 003,275,864 | ---- | M] ()
(NIS) Norton Internet Security [Unknown | Running] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -> [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
(NSL) Norton Safe Web Lite [Unknown | Running] -> C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -> [2010/11/24 03:21:18 | 000,130,000 | R--- | M] (Symantec Corporation)
(ServiceLayer) ServiceLayer [On_Demand | Running] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia)
(LVPrcSrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.)

[Driver Services - Safe List]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110606.002\NAVEX15.SYS -> [2011/05/27 14:18:38 | 001,542,392 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110606.002\NAVENG.SYS -> [2011/05/27 14:18:38 | 000,086,008 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2011/05/27 14:18:37 | 000,374,392 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/05/27 14:18:37 | 000,105,592 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2011/05/27 14:11:11 | 000,126,584 | ---- | M] (Symantec Corporation)
(BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110519.002\BHDrvx86.sys -> [2011/05/19 20:37:06 | 000,810,616 | ---- | M] (Symantec Corporation)
(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -> [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -> [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation)
(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -> [2011/03/22 01:39:49 | 000,369,784 | ---- | M] (Symantec Corporation)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -> [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation)
(IDSxpx86) IDSxpx86 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110603.003\IDSXpx86.sys -> [2011/03/15 03:29:00 | 000,341,944 | ---- | M] (Symantec Corporation)
(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -> [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation)
(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -> [2010/11/16 02:45:33 | 000,136,312 | R--- | M] (Symantec Corporation)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ccdcmbo.sys -> [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ccdcmb.sys -> [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia)
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -> [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia)
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvcflt.sys -> [2009/05/01 00:03:30 | 000,023,832 | R--- | M] (Logitech Inc.)
(LVUVC) Logitech Webcam 250(UVC) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvc.sys -> [2009/05/01 00:03:08 | 006,754,712 | R--- | M] (Logitech Inc.)
(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvrs.sys -> [2009/05/01 00:01:36 | 000,265,496 | R--- | M] (Logitech Inc.)
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvpopflt.sys -> [2009/05/01 00:00:00 | 000,114,712 | R--- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2009/04/30 17:00:12 | 000,025,624 | ---- | M] ()
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pccsmcfd.sys -> [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
(RTL8187B) NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wg111v3.sys -> [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation )
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\rw5ah8qh.default\prefs.js -> 
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://timeanddate.com/worldclock/city.html?n=136" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 ->
extensions.enabledItems -> {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.5.2 ->
extensions.enabledItems -> {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> -> 
HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> [2010/01/13 18:09:13 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\COFFNST\ -> 
HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN\] -> [2011/05/27 14:12:35 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\] -> [2011/05/27 14:09:27 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
-> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2009/12/30 22:51:54 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\extensions -> [2011/04/16 21:27:46 | 000,000,000 | ---D | M]
ImTranslator -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} -> [2010/01/03 14:24:53 | 000,000,000 | ---D | M]
FoxLingo -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} -> [2010/01/03 14:32:20 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
cambridge-dictionary-british.xml -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\searchplugins\cambridge-dictionary-british.xml -> [2010/05/15 10:58:54 | 000,001,505 | ---- | M] ()
dictionary---referencecom.xml -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\searchplugins\dictionary---referencecom.xml -> [2010/05/22 20:01:13 | 000,001,587 | ---- | M] ()
scroogle.xml -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\searchplugins\scroogle.xml -> [2011/04/15 15:32:15 | 000,001,189 | ---- | M] ()
thesaurus---referencecom.xml -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rw5ah8qh.default\searchplugins\thesaurus---referencecom.xml -> [2010/05/15 14:02:07 | 000,001,539 | ---- | M] ()
< HOSTS File > ([2011/05/25 12:22:16 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll [Symantec NCO BHO] -> [2011/04/28 23:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll [Symantec Intrusion Prevention] -> [2011/03/31 04:01:20 | 000,210,872 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll [Norton Toolbar] -> [2011/04/28 23:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}" [HKLM] -> C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll [Norton Safe Web Lite] -> [2010/12/08 02:58:58 | 000,433,592 | R--- | M] (Symantec Corporation)
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll [Norton Toolbar] -> [2011/04/28 23:33:29 | 000,436,152 | R--- | M] (Symantec Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2011/01/30 16:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/03 23:32:00 | 000,208,952 | ---- | M] (Microsoft Corporation)
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2004/08/03 23:31:50 | 000,059,392 | ---- | M] ()
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/03 23:32:16 | 000,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2004/08/03 23:32:16 | 000,455,168 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"PC Suite Tray" -> C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray] -> [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2008/12/11 16:38:04 | 002,322,432 | ---- | M] ()
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262213848196 [WUWebControl Class] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos-beta/OnlineScanner.cab [OnlineScanner Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] -> 
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{ACACEC32-576F-404F-ADE6-1789CB233BB2}\\DhcpNameServer -> 192.168.0.1 (Broadcom 440x 10/100 Integrated Controller) -> 
{ECFE3E76-A06D-45F1-9CAF-355D62696902}\\DhcpNameServer -> 192.168.0.1 (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2005/06/22 00:44:12 | 000,348,160 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/08/18 15:49:56 | 000,384,000 | ---- | M] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
LogitechQuickCamRibbon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe -> [2009/05/08 11:35:50 | 002,780,432 | ---- | M] ()
PC Suite Tray hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -> [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 03/06/2011 15:23:52 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 03/06/2011 16:04:54 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 04/06/2011 03:50:44 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 05/06/2011 11:25:26 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 05/06/2011 11:35:20 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 05/06/2011 11:51:20 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 05/06/2011 14:03:38 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 06/06/2011 05:08:44 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 06/06/2011 07:24:29 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
Application [ Error ] 06/06/2011 12:57:39 Computer Name = DELLRICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved 
System [ Error ] 25/05/2011 17:45:40 Computer Name = DELLRICE | Source = Service Control Manager | ID = 7034 -> Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 25/05/2011 17:45:40 Computer Name = DELLRICE | Source = Service Control Manager | ID = 7034 -> Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 25/05/2011 17:45:40 Computer Name = DELLRICE | Source = Service Control Manager | ID = 7031 -> Description = The Norton Safe Web Lite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
System [ Error ] 25/05/2011 17:45:41 Computer Name = DELLRICE | Source = Service Control Manager | ID = 7034 -> Description = The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 26/05/2011 08:41:33 Computer Name = DELLRICE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.0.4 for the Network Card with network address 000D56571AAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 26/05/2011 09:04:15 Computer Name = DELLRICE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.0.2 for the Network Card with network address 000D56571AAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 26/05/2011 09:55:09 Computer Name = DELLRICE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.0.2 for the Network Card with network address 000D56571AAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 26/05/2011 10:01:05 Computer Name = DELLRICE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.0.2 for the Network Card with network address 000D56571AAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 26/05/2011 11:07:17 Computer Name = DELLRICE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.0.3 for the Network Card with network address 001E2AB424D5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 27/05/2011 07:38:34 Computer Name = DELLRICE | Source = Service Control Manager | ID = 7034 -> Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

[Files/Folders - Created Within 30 Days]
Firefox Setup 4.0.1.exe -> C:\Program Files\Firefox Setup 4.0.1.exe -> [2011/06/06 12:21:12 | 012,340,504 | ---- | C] (Mozilla)
Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2011/06/05 16:42:10 | 000,000,000 | ---D | C]
ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2011/06/03 20:38:49 | 000,040,960 | ---- | C] (Microsoft Corporation)
wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2011/06/03 20:38:22 | 000,045,568 | ---- | C] (Microsoft Corporation)
mfc42.dll -> C:\WINDOWS\System32\dllcache\mfc42.dll -> [2011/06/03 20:37:41 | 000,978,944 | ---- | C] (Microsoft Corporation)
mfc40u.dll -> C:\WINDOWS\System32\dllcache\mfc40u.dll -> [2011/06/03 20:37:41 | 000,953,856 | ---- | C] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\System32\dllcache\comctl32.dll -> [2011/06/03 20:37:05 | 000,617,472 | ---- | C] (Microsoft Corporation)
Prefetch -> C:\WINDOWS\Prefetch -> [2011/06/03 16:25:31 | 000,000,000 | ---D | C]
scripting -> C:\WINDOWS\System32\scripting -> [2011/06/03 15:49:29 | 000,000,000 | ---D | C]
l2schemas -> C:\WINDOWS\l2schemas -> [2011/06/03 15:49:27 | 000,000,000 | ---D | C]
en -> C:\WINDOWS\System32\en -> [2011/06/03 15:49:26 | 000,000,000 | ---D | C]
network diagnostic -> C:\WINDOWS\network diagnostic -> [2011/06/03 15:41:52 | 000,000,000 | ---D | C]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [2011/06/03 15:16:59 | 000,000,000 | ---D | C]
DoctorWeb -> C:\Documents and Settings\Administrator\DoctorWeb -> [2011/06/02 07:23:40 | 000,000,000 | ---D | C]
FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/05/28 18:50:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)
uninstall_flash_player.exe -> C:\Documents and Settings\Administrator\Desktop\uninstall_flash_player.exe -> [2011/05/28 18:39:05 | 000,240,288 | ---- | C] (Adobe Systems, Inc.)
SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2011/05/27 14:11:12 | 000,126,584 | ---- | C] (Symantec Corporation)
S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2011/05/27 14:11:12 | 000,060,872 | ---- | C] (Symantec Corporation)
Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2011/05/27 14:11:11 | 000,000,000 | ---D | C]
Symantec -> C:\Program Files\Symantec -> [2011/05/27 14:11:11 | 000,000,000 | ---D | C]
symtdiv.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys -> [2011/05/27 14:10:55 | 000,331,384 | ---- | C] (Symantec Corporation)
symefa.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symefa.sys -> [2011/05/27 14:10:54 | 000,744,568 | ---- | C] (Symantec Corporation)
symtdi.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys -> [2011/05/27 14:10:54 | 000,369,784 | ---- | C] (Symantec Corporation)
symnets.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys -> [2011/05/27 14:10:54 | 000,296,568 | ---- | C] (Symantec Corporation)
symds.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symds.sys -> [2011/05/27 14:10:53 | 000,340,088 | ---- | C] (Symantec Corporation)
srtspx.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys -> [2011/05/27 14:10:53 | 000,050,168 | ---- | C] (Symantec Corporation)
srtsp.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys -> [2011/05/27 14:10:52 | 000,516,216 | ---- | C] (Symantec Corporation)
ironx86.sys -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\ironx86.sys -> [2011/05/27 14:10:52 | 000,136,312 | R--- | C] (Symantec Corporation)
Norton Internet Security -> C:\Program Files\Norton Internet Security -> [2011/05/27 14:08:13 | 000,000,000 | ---D | C]
Norton Internet Security -> C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security -> [2011/05/27 14:08:13 | 000,000,000 | ---D | C]
puppy9768p -> C:\puppy9768p -> [2011/05/27 12:44:57 | 000,000,000 | --SD | C]
RECYCLER -> C:\RECYCLER -> [2011/05/25 16:11:00 | 000,000,000 | -HSD | C]
CatRoot2 -> C:\WINDOWS\System32\CatRoot2 -> [2011/05/25 11:58:17 | 000,000,000 | ---D | C]
DIAL-A~1 -> C:\Documents and Settings\Administrator\Desktop\DIAL-A~1 -> [2011/05/25 11:55:59 | 000,000,000 | ---D | C]
KB905474 -> C:\WINDOWS\System32\KB905474 -> [2011/05/25 00:18:16 | 000,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2011/05/24 21:01:36 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/05/24 12:09:06 | 000,645,632 | ---- | C] (OldTimer Tools)
NtmsData -> C:\WINDOWS\System32\NtmsData -> [2011/05/24 09:38:52 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2011/05/23 23:08:05 | 000,000,000 | RHSD | C]
puppy -> C:\puppy -> [2011/05/23 18:32:00 | 000,000,000 | ---D | C]
puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2011/05/23 17:00:18 | 004,293,849 | R--- | C] (Swearware)
backups -> C:\Documents and Settings\Administrator\Desktop\backups -> [2011/05/22 23:07:28 | 000,000,000 | ---D | C]
HostsXpert 4.3 -> C:\HostsXpert 4.3 -> [2011/05/22 22:30:48 | 000,000,000 | ---D | C]
Sur -> C:\Sur -> [2011/05/22 17:51:17 | 000,000,000 | ---D | C]
aswMBR.exe -> C:\Documents and Settings\Administrator\Desktop\aswMBR.exe -> [2011/05/20 22:28:07 | 000,589,632 | ---- | C] (AVAST Software)
ESET -> C:\Program Files\ESET -> [2011/05/20 19:34:25 | 000,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2011/05/20 00:03:15 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2011/05/18 20:34:22 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Common Files\Java -> [2011/05/18 20:34:16 | 000,000,000 | ---D | C]
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/05/18 20:33:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.)
deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/05/18 20:33:23 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/05/18 20:33:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/05/18 20:33:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2011/05/18 20:33:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
Java -> C:\Program Files\Java -> [2011/05/18 20:32:29 | 000,000,000 | ---D | C]
jre-6u25-windows-i586.exe -> C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe -> [2011/05/18 20:13:42 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2011/05/12 19:21:41 | 000,388,608 | ---- | C] (Trend Micro Inc.)
1206000.01D -> C:\WINDOWS\System32\drivers\NIS\1206000.01D -> [2011/05/11 14:00:41 | 000,000,000 | ---D | C]
NIS -> C:\WINDOWS\System32\drivers\NIS -> [2011/05/11 13:59:46 | 000,000,000 | ---D | C]
NST -> C:\WINDOWS\System32\drivers\NST -> [2011/05/11 07:51:57 | 000,000,000 | ---D | C]
Norton Safe Web Lite -> C:\Program Files\Norton Safe Web Lite -> [2011/05/11 07:51:57 | 000,000,000 | ---D | C]
0102000.006 -> C:\WINDOWS\System32\drivers\NST\0102000.006 -> [2011/05/11 07:51:57 | 000,000,000 | ---D | C]
NPE -> C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE -> [2011/05/10 23:23:53 | 000,000,000 | ---D | C]
NPE.exe -> C:\Documents and Settings\Administrator\Desktop\NPE.exe -> [2011/05/10 23:23:03 | 006,141,880 | ---- | C] (Symantec Corporation)
Tific -> C:\Documents and Settings\Administrator\Application Data\Tific -> [2011/05/10 23:17:34 | 000,000,000 | ---D | C]
Symantec -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec -> [2011/05/10 23:17:30 | 000,000,000 | ---D | C]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500Core.job -> [2011/06/06 21:47:02 | 000,000,958 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1708537768-682003330-500UA.job -> [2011/06/06 21:47:01 | 000,001,010 | ---- | M] ()
WGASetup.job -> C:\WINDOWS\tasks\WGASetup.job -> [2011/06/06 17:58:28 | 000,000,260 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/06/06 17:57:27 | 000,002,048 | --S- | M] ()
Firefox Setup 4.0.1.exe -> C:\Program Files\Firefox Setup 4.0.1.exe -> [2011/06/06 12:21:12 | 012,340,504 | ---- | M] (Mozilla)
Google Chrome.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2011/06/06 10:49:17 | 000,002,322 | ---- | M] ()
Google Chrome.lnk -> C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk -> [2011/06/06 10:49:16 | 000,002,344 | ---- | M] ()
Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk -> [2011/06/05 16:45:48 | 000,001,734 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/06/05 16:25:19 | 000,002,206 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/06/03 21:04:37 | 000,116,560 | ---- | M] ()
Cat.DB -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB -> [2011/06/03 21:01:24 | 001,175,734 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/06/03 21:01:10 | 000,001,355 | ---- | M] ()
WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2011/06/03 16:28:53 | 000,316,640 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/06/03 16:28:49 | 000,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/06/03 16:28:49 | 000,039,992 | ---- | M] ()
Windows Media Player.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/06/03 16:27:51 | 000,000,804 | ---- | M] ()
ntldr -> C:\ntldr -> [2011/06/03 15:41:24 | 000,250,048 | RHS- | M] ()
Netgear wireless USB.html -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB.html -> [2011/06/02 19:00:30 | 000,001,066 | ---- | M] ()
Netgear wireless USB_html_m1ff89490.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_m1ff89490.jpg -> [2011/06/02 19:00:29 | 000,053,212 | ---- | M] ()
Netgear wireless USB_html_5be61cbe.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_5be61cbe.jpg -> [2011/06/02 19:00:29 | 000,052,139 | ---- | M] ()
Netgear wireless USB_html_3cc0ab72.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_3cc0ab72.jpg -> [2011/06/02 19:00:29 | 000,048,681 | ---- | M] ()
Netgear wireless USB_html_m4853a9c0.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_m4853a9c0.jpg -> [2011/06/02 19:00:29 | 000,041,733 | ---- | M] ()
drweb scan_html_m686e401a.jpg -> C:\Documents and Settings\Administrator\Desktop\drweb scan_html_m686e401a.jpg -> [2011/06/02 12:43:48 | 000,037,222 | ---- | M] ()
drweb scan.html -> C:\Documents and Settings\Administrator\Desktop\drweb scan.html -> [2011/06/02 12:43:48 | 000,000,615 | ---- | M] ()
drweb-cureit.exe -> C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe -> [2011/06/01 23:49:18 | 064,584,512 | ---- | M] ()
FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/05/28 18:50:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
uninstall_flash_player.exe -> C:\Documents and Settings\Administrator\Desktop\uninstall_flash_player.exe -> [2011/05/28 18:39:05 | 000,240,288 | ---- | M] (Adobe Systems, Inc.)
SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2011/05/27 14:11:11 | 000,126,584 | ---- | M] (Symantec Corporation)
S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2011/05/27 14:11:11 | 000,060,872 | ---- | M] (Symantec Corporation)
SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2011/05/27 14:11:11 | 000,007,468 | ---- | M] ()
SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2011/05/27 14:11:11 | 000,000,806 | ---- | M] ()
Norton Internet Security.LNK -> C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK -> [2011/05/27 14:10:59 | 000,001,973 | ---- | M] ()
Uninstall Cfix.html.jpg -> C:\Documents and Settings\Administrator\Desktop\Uninstall Cfix.html.jpg -> [2011/05/27 12:42:37 | 000,017,501 | ---- | M] ()
Uninstall Combofix screen shot.html -> C:\Documents and Settings\Administrator\Desktop\Uninstall Combofix screen shot.html -> [2011/05/27 12:42:37 | 000,000,700 | ---- | M] ()
flush.html -> C:\Documents and Settings\Administrator\Desktop\flush.html -> [2011/05/25 22:53:20 | 000,000,608 | ---- | M] ()
flush_html_m1d831ac0.jpg -> C:\Documents and Settings\Administrator\Desktop\flush_html_m1d831ac0.jpg -> [2011/05/25 22:53:19 | 000,023,205 | ---- | M] ()
Alt Config_html_724d3cf5.jpg -> C:\Documents and Settings\Administrator\Desktop\Alt Config_html_724d3cf5.jpg -> [2011/05/25 22:40:41 | 000,026,474 | ---- | M] ()
Alt Config.html -> C:\Documents and Settings\Administrator\Desktop\Alt Config.html -> [2011/05/25 22:40:41 | 000,000,614 | ---- | M] ()
Internet 1_html_m43cc823f.jpg -> C:\Documents and Settings\Administrator\Desktop\Internet 1_html_m43cc823f.jpg -> [2011/05/25 18:52:20 | 000,033,413 | ---- | M] ()
Internet 1.html -> C:\Documents and Settings\Administrator\Desktop\Internet 1.html -> [2011/05/25 18:52:20 | 000,000,618 | ---- | M] ()
Internet Protocol.odt -> C:\Documents and Settings\Administrator\Desktop\Internet Protocol.odt -> [2011/05/25 18:24:03 | 000,038,705 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/05/25 12:22:16 | 000,000,027 | ---- | M] ()
puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2011/05/25 12:10:09 | 004,293,849 | R--- | M] (Swearware)
Dial-a-fix-v0.60.0.24.zip -> C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24.zip -> [2011/05/25 11:55:20 | 000,335,992 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/05/24 12:09:10 | 000,645,632 | ---- | M] (OldTimer Tools)
boot.ini -> C:\boot.ini -> [2011/05/23 23:08:10 | 000,000,327 | RHS- | M] ()
Norton_Removal_Tool.exe -> C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe -> [2011/05/23 22:27:56 | 000,932,400 | ---- | M] ()
v23o95yw.exe -> C:\Documents and Settings\Administrator\Desktop\v23o95yw.exe -> [2011/05/23 14:22:30 | 000,302,080 | ---- | M] ()
MBR.dat -> C:\Documents and Settings\Administrator\Desktop\MBR.dat -> [2011/05/20 22:30:26 | 000,000,512 | ---- | M] ()
aswMBR.exe -> C:\Documents and Settings\Administrator\Desktop\aswMBR.exe -> [2011/05/20 22:28:11 | 000,589,632 | ---- | M] (AVAST Software)
MBRCheck.exe -> C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe -> [2011/05/20 20:43:11 | 000,080,384 | ---- | M] ()
dds.scr -> C:\Documents and Settings\Administrator\Desktop\dds.scr -> [2011/05/18 21:08:12 | 000,625,664 | ---- | M] ()
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/05/18 20:32:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/05/18 20:32:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2011/05/18 20:32:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/05/18 20:32:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/05/18 20:32:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
jre-6u25-windows-i586.exe -> C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe -> [2011/05/18 20:13:42 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.)
New OpenDocument Text.odt -> C:\Documents and Settings\Administrator\Desktop\New OpenDocument Text.odt -> [2011/05/17 21:30:04 | 004,146,920 | ---- | M] ()
FullManual.pdf -> C:\Documents and Settings\Administrator\Desktop\FullManual.pdf -> [2011/05/17 12:59:30 | 000,350,400 | ---- | M] ()
NPE SCREEN SHOT.odt -> C:\Documents and Settings\Administrator\Desktop\NPE SCREEN SHOT.odt -> [2011/05/13 23:25:31 | 000,047,384 | ---- | M] ()
defogger_reenable -> C:\Documents and Settings\Administrator\defogger_reenable -> [2011/05/13 21:41:00 | 000,000,000 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2011/05/13 20:10:15 | 000,000,211 | ---- | M] ()
dell pc.odt -> C:\Documents and Settings\Administrator\Desktop\dell pc.odt -> [2011/05/13 17:01:39 | 000,009,358 | ---- | M] ()
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2011/05/12 19:21:44 | 000,388,608 | ---- | M] (Trend Micro Inc.)
NPE.exe -> C:\Documents and Settings\Administrator\Desktop\NPE.exe -> [2011/05/10 23:22:45 | 006,141,880 | ---- | M] (Symantec Corporation)
8 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk -> [2011/06/05 16:45:47 | 000,001,804 | ---- | C] ()
Adobe Reader X.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk -> [2011/06/05 16:45:47 | 000,001,734 | ---- | C] ()
Netgear wireless USB_html_m1ff89490.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_m1ff89490.jpg -> [2011/06/02 19:00:29 | 000,053,212 | ---- | C] ()
Netgear wireless USB_html_5be61cbe.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_5be61cbe.jpg -> [2011/06/02 19:00:29 | 000,052,139 | ---- | C] ()
Netgear wireless USB_html_3cc0ab72.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_3cc0ab72.jpg -> [2011/06/02 19:00:29 | 000,048,681 | ---- | C] ()
Netgear wireless USB_html_m4853a9c0.jpg -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB_html_m4853a9c0.jpg -> [2011/06/02 19:00:29 | 000,041,733 | ---- | C] ()
Netgear wireless USB.html -> C:\Documents and Settings\Administrator\Desktop\Netgear wireless USB.html -> [2011/06/02 19:00:27 | 000,001,066 | ---- | C] ()
drweb scan_html_m686e401a.jpg -> C:\Documents and Settings\Administrator\Desktop\drweb scan_html_m686e401a.jpg -> [2011/06/02 12:43:48 | 000,037,222 | ---- | C] ()
drweb scan.html -> C:\Documents and Settings\Administrator\Desktop\drweb scan.html -> [2011/06/02 12:43:47 | 000,000,615 | ---- | C] ()
drweb-cureit.exe -> C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe -> [2011/06/01 23:49:18 | 064,584,512 | ---- | C] ()
SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2011/05/27 14:11:12 | 000,007,468 | ---- | C] ()
SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2011/05/27 14:11:12 | 000,000,806 | ---- | C] ()
Norton Internet Security.LNK -> C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK -> [2011/05/27 14:10:59 | 000,001,973 | ---- | C] ()
symnetv.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat -> [2011/05/27 14:10:54 | 000,007,877 | ---- | C] ()
symnet.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnet.cat -> [2011/05/27 14:10:54 | 000,007,458 | ---- | C] ()
symefa.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symefa.inf -> [2011/05/27 14:10:54 | 000,003,373 | ---- | C] ()
symnetv.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.inf -> [2011/05/27 14:10:54 | 000,001,474 | ---- | C] ()
symnet.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnet.inf -> [2011/05/27 14:10:54 | 000,001,446 | ---- | C] ()
symefa.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symefa.cat -> [2011/05/27 14:10:53 | 000,007,456 | ---- | C] ()
srtspx.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat -> [2011/05/27 14:10:53 | 000,007,454 | ---- | C] ()
symds.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symds.inf -> [2011/05/27 14:10:53 | 000,002,792 | ---- | C] ()
srtspx.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf -> [2011/05/27 14:10:53 | 000,001,389 | ---- | C] ()
iron.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat -> [2011/05/27 14:10:52 | 000,007,528 | R--- | C] ()
srtsp.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat -> [2011/05/27 14:10:52 | 000,007,450 | ---- | C] ()
srtsp.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf -> [2011/05/27 14:10:52 | 000,001,383 | ---- | C] ()
iron.inf -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.inf -> [2011/05/27 14:10:52 | 000,000,742 | R--- | C] ()
isolate.ini -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini -> [2011/05/27 14:10:52 | 000,000,172 | ---- | C] ()
symds.cat -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\symds.cat -> [2011/05/27 14:09:56 | 000,000,000 | ---- | C] ()
Uninstall Cfix.html.jpg -> C:\Documents and Settings\Administrator\Desktop\Uninstall Cfix.html.jpg -> [2011/05/27 12:42:37 | 000,017,501 | ---- | C] ()
Uninstall Combofix screen shot.html -> C:\Documents and Settings\Administrator\Desktop\Uninstall Combofix screen shot.html -> [2011/05/27 12:42:36 | 000,000,700 | ---- | C] ()
flush_html_m1d831ac0.jpg -> C:\Documents and Settings\Administrator\Desktop\flush_html_m1d831ac0.jpg -> [2011/05/25 22:53:19 | 000,023,205 | ---- | C] ()
flush.html -> C:\Documents and Settings\Administrator\Desktop\flush.html -> [2011/05/25 22:53:18 | 000,000,608 | ---- | C] ()
Alt Config_html_724d3cf5.jpg -> C:\Documents and Settings\Administrator\Desktop\Alt Config_html_724d3cf5.jpg -> [2011/05/25 22:40:41 | 000,026,474 | ---- | C] ()
Alt Config.html -> C:\Documents and Settings\Administrator\Desktop\Alt Config.html -> [2011/05/25 22:40:40 | 000,000,614 | ---- | C] ()
Internet 1_html_m43cc823f.jpg -> C:\Documents and Settings\Administrator\Desktop\Internet 1_html_m43cc823f.jpg -> [2011/05/25 18:52:20 | 000,033,413 | ---- | C] ()
Internet 1.html -> C:\Documents and Settings\Administrator\Desktop\Internet 1.html -> [2011/05/25 18:52:19 | 000,000,618 | ---- | C] ()
Internet Protocol.odt -> C:\Documents and Settings\Administrator\Desktop\Internet Protocol.odt -> [2011/05/25 18:24:01 | 000,038,705 | ---- | C] ()
Dial-a-fix-v0.60.0.24.zip -> C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24.zip -> [2011/05/25 11:55:20 | 000,335,992 | ---- | C] ()
WGASetup.job -> C:\WINDOWS\tasks\WGASetup.job -> [2011/05/25 00:18:16 | 000,000,260 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2011/05/23 23:08:10 | 000,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2011/05/23 23:08:07 | 000,260,272 | RHS- | C] ()
Norton_Removal_Tool.exe -> C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe -> [2011/05/23 22:27:48 | 000,932,400 | ---- | C] ()
v23o95yw.exe -> C:\Documents and Settings\Administrator\Desktop\v23o95yw.exe -> [2011/05/23 14:22:28 | 000,302,080 | ---- | C] ()
MBR.dat -> C:\Documents and Settings\Administrator\Desktop\MBR.dat -> [2011/05/20 22:30:26 | 000,000,512 | ---- | C] ()
MBRCheck.exe -> C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe -> [2011/05/20 20:43:10 | 000,080,384 | ---- | C] ()
dds.scr -> C:\Documents and Settings\Administrator\Desktop\dds.scr -> [2011/05/18 21:08:07 | 000,625,664 | ---- | C] ()
FullManual.pdf -> C:\Documents and Settings\Administrator\Desktop\FullManual.pdf -> [2011/05/17 12:59:30 | 000,350,400 | ---- | C] ()
NPE SCREEN SHOT.odt -> C:\Documents and Settings\Administrator\Desktop\NPE SCREEN SHOT.odt -> [2011/05/13 23:25:30 | 000,047,384 | ---- | C] ()
defogger_reenable -> C:\Documents and Settings\Administrator\defogger_reenable -> [2011/05/13 21:41:00 | 000,000,000 | ---- | C] ()
dell pc.odt -> C:\Documents and Settings\Administrator\Desktop\dell pc.odt -> [2011/05/13 17:01:38 | 000,009,358 | ---- | C] ()
Cat.DB -> C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB -> [2011/05/11 14:02:34 | 001,175,734 | ---- | C] ()
isolate.ini -> C:\WINDOWS\System32\drivers\NST\0102000.006\isolate.ini -> [2011/05/11 07:51:57 | 000,000,172 | ---- | C] ()
hitmanpro35.sys -> C:\WINDOWS\System32\drivers\hitmanpro35.sys -> [2011/04/25 18:02:03 | 000,017,480 | ---- | C] ()
Tiny_Run.ini -> C:\WINDOWS\Tiny_Run.ini -> [2011/01/02 15:01:48 | 000,000,129 | ---- | C] ()
Maths7.ini -> C:\WINDOWS\Maths7.ini -> [2010/08/24 09:33:21 | 000,000,201 | ---- | C] ()
cpwmon2k.dll -> C:\WINDOWS\System32\cpwmon2k.dll -> [2010/05/08 11:17:30 | 000,087,552 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/01/06 15:49:34 | 000,015,872 | ---- | C] ()
lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2010/01/06 02:45:56 | 000,082,289 | R--- | C] ()
ezsidmv.dat -> C:\WINDOWS\System32\ezsidmv.dat -> [2009/12/30 23:23:54 | 000,000,056 | ---- | C] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2009/12/30 22:51:45 | 000,000,000 | ---- | C] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/29 22:06:38 | 000,002,048 | --S- | C] ()
emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2009/12/29 21:48:03 | 000,021,640 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2009/12/29 21:35:32 | 000,004,161 | ---- | C] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/29 21:34:08 | 000,116,560 | ---- | C] ()
iKeyLFT2.dll -> C:\WINDOWS\System32\drivers\iKeyLFT2.dll -> [2009/05/08 11:13:04 | 000,013,584 | ---- | C] ()
LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2009/04/30 17:00:12 | 000,025,624 | ---- | C] ()
secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/02 15:20:40 | 000,004,569 | ---- | C] ()
oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2003/07/16 17:48:28 | 000,004,594 | ---- | C] ()
oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2003/07/16 17:48:27 | 013,107,200 | ---- | C] ()
perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2003/07/16 17:35:07 | 000,272,128 | ---- | C] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2003/07/16 17:35:06 | 000,311,604 | ---- | C] ()
perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2003/07/16 17:35:05 | 000,028,626 | ---- | C] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2003/07/16 17:35:03 | 000,039,992 | ---- | C] ()
noise.dat -> C:\WINDOWS\System32\noise.dat -> [2003/07/16 17:33:18 | 000,000,741 | ---- | C] ()
mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2003/07/16 17:28:25 | 000,673,088 | ---- | C] ()
mib.bin -> C:\WINDOWS\System32\mib.bin -> [2003/07/16 17:28:14 | 000,046,258 | ---- | C] ()
dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2003/07/16 17:21:49 | 000,218,003 | ---- | C] ()
dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2003/07/16 17:20:48 | 000,001,804 | ---- | C] ()
< End of report >


----------



## Cookiegal (Aug 27, 2003)

It doesn't look like it held the paging file change we made.

Go to the Control Panel and if in Category view, click on Performance and Maintenance and then click System (if in Classic view just click System).

On the Advanced tab, under Performance, click Settings.

On the Advanced tab, under Virtual memory, click Change and select the radio dial beside "Custom Size" Initial Size (MB) and in the box enter 1521 and then click Set and OK. Reboot the computer and see if the videos play any better.

Please do the same on both PCs.

Then on PC1 only:

Go to the following link and download Dial-a-Fix to your desktop and extract the files.

http://majorgeeks.com/Dial-a-fix_d4899.html

Double click on Dial-a-Fix.exe to run the program. Under the SSL/HTTPS/Cryptography heading, put a check mark next to "Fix SSL/HTTPS/Cryptsvc:", this will automatically check the other boxes beneath it. Then click on "Go".


----------



## GIRLY1 (May 11, 2011)

The paging file change has been done on *PC1* and *PC2* and PCs rebooted.

*PC1* is playing fine.
*PC2* is still the same as previously mentioned.

Dial-a-Fix has been done on *PC1* only.

Are PC1 and PC2 in the clear now and safe to use? (Apart from the PC2 playing issue).

Thanks


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> The paging file change has been done on *PC1* and *PC2* and PCs rebooted.
> 
> *PC1* is playing fine.
> *PC2* is still the same as previously mentioned.


I seem to remember that when we installed the latest version on PC1 you were having problems but it was more with loading the videos than playing them, if I remember correctly. That's why we reverted back to an older version of Flash but I don't believe that changed anything. I'd have to search back through this lengthy thread to find that.


> Dial-a-Fix has been done on *PC1* only.


I didn't see the same errors on PC2 that were on PC1 that led to running Dial-a-Fix but let's do this on both PC1 and PC2 now to see what new errors have occurred:

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


> Are PC1 and PC2 in the clear now and safe to use? (Apart from the PC2 playing issue).


There are never any guarantees when there is a serious infection but the machine should be in good shape now. I do recommend changing all passwords though on all of the PCs as a precaution (even the one that will be reformatted).

Do you ever defrag these PCs and clear out the Temp and Temporary Internet files?

Also, please do this on both PC1 and PC2:

Go to Start - then right-click on your drive Local Disk (C:) and then select "Properties" and tell me what it says for "Used Space" and "Free Space" (give the GB amounts please not the bytes).


----------



## GIRLY1 (May 11, 2011)

> Do you ever defrag these PCs and clear out the Temp and Temporary Internet files?


No, but whenever I use internet I clear down via using Tools, Internet Options, Browsing History Delete, Check following boxes - Preserve Favourites Website Data, Temporary History files, cookies, History and clicking delete.

Please find pasted below event viewer errors

*PC1 Application Tab*

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 07/06/2011
Time: 12:30:44
User: N/A
Computer: DELLRICE
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 06/06/2011
Time: 17:57:39
User: N/A
Computer: DELLRICE
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 06/06/2011
Time: 12:24:29
User: N/A
Computer: DELLRICE
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 06/06/2011
Time: 10:08:44
User: N/A
Computer: DELLRICE
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/06/2011
Time: 19:03:38
User: N/A
Computer: DELLRICE
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/06/2011
Time: 16:51:20
User: N/A
Computer: DELLRICE
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*PC1 System Tab*
No errors to report

*PC1* 
Used Space - 13.0 GB
Free Space - 25.1 GB

___________________________________________________________________________

*PC2 Application Tab*

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/06/2011
Time: 20:50:50
User: N/A
Computer: D6KLM72J
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Google Update
Event Category: None
Event ID: 20
Date: 01/06/2011
Time: 23:07:59
User: NT AUTHORITY\SYSTEM
Computer: D6KLM72J
Description:
The description for Event ID ( 20 ) in Source ( Google Update ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
.

*PC2 System Tab*

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 06/06/2011
Time: 10:17:36
User: N/A
Computer: D6KLM72J
Description:
The Application Management service terminated with the following error: 
The specified module could not be found. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 06/06/2011
Time: 10:17:35
User: N/A
Computer: D6KLM72J
Description:
The Application Management service terminated with the following error: 
The specified module could not be found. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 06/06/2011
Time: 10:17:35
User: N/A
Computer: D6KLM72J
Description:
The Application Management service terminated with the following error: 
The specified module could not be found. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 06/06/2011
Time: 10:17:35
User: N/A
Computer: D6KLM72J
Description:
The Application Management service terminated with the following error: 
The specified module could not be found. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 05/06/2011
Time: 22:44:24
User: N/A
Computer: D6KLM72J
Description:
The Secunia PSI Agent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*PC2*
Used Space - 9.23 GB
Free Space - 62.2 GB


----------
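The Event Viewer entries pasted in the post above repeat the same failure many times, and some records run together without a blank line. The following is an added example, not part of the original thread, that parses that copy format and collapses repeats per computer, source, event ID and failure reason; the sample text, the computer names EXAMPLEPC and EXAMPLEPC2 and the DD/MM/YYYY date reading are assumptions.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample in the Event Viewer copy format used in the thread.
# Computer names and timestamps are made up; the second record follows the
# first without a blank line, as happens when entries are pasted one by one.
SAMPLE = """\
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 06/06/2011
Time: 10:08:44
User: N/A
Computer: EXAMPLEPC
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/06/2011
Time: 16:51:20
User: N/A
Computer: EXAMPLEPC
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/06/2011
Time: 20:50:50
User: N/A
Computer: EXAMPLEPC2
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 06/06/2011
Time: 10:17:36
User: N/A
Computer: EXAMPLEPC2
Description:
The Application Management service terminated with the following error:
The specified module could not be found.
"""

HEADER = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)
FOOTER = "For more information, see Help and Support Center"


def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    events = []
    # A record starts at every line beginning with "Event Type:", whether or
    # not a blank line separates it from the previous record.
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        if not chunk.strip().startswith("Event Type:"):
            continue  # text before the first record
        fields, desc, in_desc = {}, [], False
        for line in (raw.strip() for raw in chunk.splitlines()):
            if in_desc:
                if line and not line.startswith(FOOTER):
                    desc.append(line)
            elif line.startswith("Description:"):
                in_desc = True
                rest = line[len("Description:"):].strip()
                if rest:
                    desc.append(rest)
            else:
                m = HEADER.match(line)
                if m:
                    fields[m.group(1)] = m.group(2)
        if "Date" not in fields or "Time" not in fields:
            continue  # incomplete paste, nothing to order it by
        fields["Description"] = " ".join(desc)
        # Assumption: dates are day/month/year, as a UK-locale machine writes them.
        fields["When"] = datetime.strptime(
            fields["Date"] + " " + fields["Time"], "%d/%m/%Y %H:%M:%S"
        )
        events.append(fields)
    return events


def failure_reason(description):
    """Keep only the part after 'with error:' when the message has one."""
    m = re.search(r"with error:\s*(.+)$", description)
    return (m.group(1) if m else description).rstrip(". ")


def network_hint(reason):
    """Coarse label that separates DNS failures from slow or unrelated ones."""
    lowered = reason.lower()
    if "could not be resolved" in lowered:
        return "name resolution"
    if "timeout" in lowered:
        return "timeout"
    return "other"


def summarise(events):
    """Group records by (computer, source, event ID, reason) with counts and time span."""
    groups = OrderedDict()
    for ev in events:
        key = (ev.get("Computer", "?"), ev.get("Event Source", "?"),
               ev.get("Event ID", "?"), failure_reason(ev["Description"]))
        g = groups.setdefault(key, {"count": 0, "first": ev["When"], "last": ev["When"]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["When"])
        g["last"] = max(g["last"], ev["When"])
    return groups


if __name__ == "__main__":
    for (pc, src, eid, reason), g in summarise(parse_events(SAMPLE)).items():
        print(f"{pc} {src} ID {eid} x{g['count']} "
              f"{g['first']:%Y-%m-%d %H:%M} to {g['last']:%Y-%m-%d %H:%M} "
              f"[{network_hint(reason)}] {reason}")
```

Comparing the time span of each group against the time a fix was applied shows whether an error is still being generated afterwards.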



## Cookiegal (Aug 27, 2003)

Run Dial-a-Fix on both PC1 and PC2 with the following options checked:

Under WU/WUAU check Fix Windows Update

Under SSL/HTTPS/Cryptography check SSL/HTTPS/Cryptsvc:

Then hit Go.

Once you've done that reboot the machines.

Then do a defrag on each one as well.

To do that, go to Start - My Computer - right-click on the C: drive and select Properties. Then click on the Tools tab and under Defragmentation click on Defragment Now. On the next screen click on Defragment and let the process finish.


----------



## GIRLY1 (May 11, 2011)

Confirmation required.

Under WU/WUAU, I checked Fix Windows Update
and it automatically checked everything 
Under SSL/HTTPS/Cryptography (which is fine)
but it also automatically checked 
Under Registration center - Programming cores/runtimes

Is this OK? (I have attached screen shot)
Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes, that's fine.


----------



## GIRLY1 (May 11, 2011)

*PC1* - Dial a fix and Defrag all done.

*PC2* - I have encountered the following error (see attached).
Please advise on next step as I have not clicked OK as yet.
thanks


----------



## Cookiegal (Aug 27, 2003)

You can click OK but no need to send an e-mail.

For PC1 please run it a bit over the next few hours and then check the Event Viewer again. I'd like to know if those errors are still being generated so please only post any that have occurred since running Dial-a-Fix.

PC2 seems to be a bit stubborn. 

On PC2 please run a defrag and then run this:

Download *RSIT* (Random's System Information Tool) by Random/Random from *Here* to your desktop, then click on the *RSIT.exe* to start the scan.

Note: If running Vista, right click on the RSIT.exe and select "Run as Administrator".

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a text box will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

*RSIT will also create a second log*, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).


----------



## GIRLY1 (May 11, 2011)

*PC2* - Dial a fix and Defrag all done. Please find RSIT logs pasted below

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-06-07 20:41:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 64 GB (87%) free of 73 GB
Total RAM: 510 MB (16% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:59, on 07/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
--
End of file - 5816 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll [2011-04-28 436152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL [2011-03-31 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-18 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll [2011-04-28 436152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-11-01 94208]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-04-27 26112]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2006-11-17 1552384]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-29 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2004-07-19 306688]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2006-02-09 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-04-27 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-06-07 20:41:34 ----D---- C:\Program Files\trend micro
2011-06-07 20:41:29 ----D---- C:\rsit
2011-06-07 19:53:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-07 19:53:10 ----HD---- C:\Program Files\WindowsUpdate
2011-06-06 10:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-06-06 10:28:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-06-05 20:53:25 ----D---- C:\Program Files\Secunia
2011-06-03 21:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-06-03 21:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-06-03 21:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-06-03 21:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-06-03 21:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-06-03 21:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-06-03 20:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2491683$
2011-06-03 20:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-06-03 20:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-06-03 20:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-06-03 20:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-06-03 20:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-06-03 20:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-06-03 20:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-06-03 20:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-06-03 20:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-06-03 20:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-06-03 20:52:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-06-03 20:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-06-03 20:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-06-03 20:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-06-03 20:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-06-03 20:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-06-03 20:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-06-03 20:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-06-03 20:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-06-03 20:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-06-03 20:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-06-03 20:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-06-03 20:43:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-06-03 20:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-06-03 20:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-06-03 20:42:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-06-03 20:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-06-03 20:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-06-03 20:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-06-03 20:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-06-03 20:41:05 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-06-03 20:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-06-03 20:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-06-03 20:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-06-03 20:39:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-06-03 20:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2011-06-03 20:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-06-03 14:52:23 ----D---- C:\WINDOWS\Prefetch
2011-06-03 14:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-06-03 14:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-06-03 14:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-06-03 14:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-06-03 14:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-06-03 14:41:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-06-03 14:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-06-03 14:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-06-03 14:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-06-03 14:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-06-03 14:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-06-03 14:39:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-06-03 14:39:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-06-03 14:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-06-03 14:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-06-03 14:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-06-03 14:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-06-03 14:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-06-03 14:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-06-03 14:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-06-03 14:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-06-03 14:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-06-03 14:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-06-03 14:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-06-03 14:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-06-03 14:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-06-03 14:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-06-03 14:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-06-03 14:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-06-03 14:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-06-03 14:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-06-03 14:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-06-03 14:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-06-03 14:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-06-03 14:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-06-03 14:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-06-03 14:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-06-03 14:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-06-03 14:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-06-03 14:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-06-03 14:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-06-03 14:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-06-03 14:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-06-03 14:32:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-06-03 14:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-06-03 14:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-06-03 14:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-06-03 14:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-06-03 14:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-06-03 14:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-06-03 14:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-06-03 14:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-06-03 14:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-06-03 14:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-06-03 14:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-06-03 14:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-06-03 14:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-06-03 14:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-06-03 14:18:47 ----D---- C:\WINDOWS\system32\scripting
2011-06-03 14:18:46 ----D---- C:\WINDOWS\l2schemas
2011-06-03 14:18:44 ----D---- C:\WINDOWS\system32\en
2011-06-03 14:18:43 ----D---- C:\WINDOWS\system32\bits
2011-06-03 14:04:55 ----D---- C:\WINDOWS\network diagnostic
2011-06-03 13:56:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-06-03 13:56:33 ----D---- C:\WINDOWS\EHome
2011-06-03 13:43:39 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-05-30 22:27:18 ----A---- C:\WINDOWS\WORDPAD.INI
2011-05-27 23:30:55 ----SHD---- C:\RECYCLER
2011-05-27 23:13:40 ----A---- C:\TDSSKiller.2.5.3.0_27.05.2011_23.13.40_log.txt
2011-05-27 22:31:47 ----A---- C:\ComboFix.txt
2011-05-27 18:23:07 ----D---- C:\_OTS
2011-05-22 22:36:26 ----D---- C:\HostsXpert 4.3
2011-05-22 17:44:07 ----A---- C:\TDSSKiller.2.5.1.0_22.05.2011_17.44.07_log.txt
2011-05-21 10:12:08 ----D---- C:\Program Files\Google
2011-05-20 19:25:34 ----D---- C:\Program Files\ESET
2011-05-19 23:26:40 ----A---- C:\Boot.bak
2011-05-19 23:26:35 ----RASHD---- C:\cmdcons
2011-05-19 22:30:59 ----D---- C:\WINDOWS\ERDNT
2011-05-18 20:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-05-18 20:49:42 ----D---- C:\Program Files\Common Files\Java
2011-05-18 20:49:28 ----A---- C:\WINDOWS\system32\javaws.exe
2011-05-18 20:49:28 ----A---- C:\WINDOWS\system32\javaw.exe
2011-05-18 20:49:28 ----A---- C:\WINDOWS\system32\java.exe
2011-05-18 20:49:28 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-05-13 12:07:34 ----D---- C:\Documents and Settings\Admin\Application Data\AdobeUM
2011-05-13 12:07:01 ----D---- C:\Program Files\Common Files\Adobe
2011-05-10 16:05:26 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys
2011-05-08 15:20:43 ----D---- C:\surj
2011-05-08 00:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2011-05-08 00:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
======List of files/folders modified in the last 1 months======
2011-06-07 20:41:36 ----D---- C:\WINDOWS\Temp
2011-06-07 20:41:34 ----RD---- C:\Program Files
2011-06-07 20:01:42 ----SHD---- C:\System Volume Information
2011-06-07 19:58:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-07 19:55:01 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-07 19:53:54 ----D---- C:\WINDOWS\system32
2011-06-07 17:58:59 ----D---- C:\WINDOWS
2011-06-06 18:13:22 ----D---- C:\Program Files\Common Files\AOL
2011-06-06 18:12:42 ----D---- C:\i386
2011-06-06 10:57:28 ----D---- C:\WINDOWS\system32\QuickTime
2011-06-06 10:57:27 ----D---- C:\Program Files\QuickTime
2011-06-06 10:48:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-06 10:43:13 ----SHD---- C:\WINDOWS\Installer
2011-06-06 10:37:15 ----D---- C:\WINDOWS\WinSxS
2011-06-06 10:36:00 ----D---- C:\Program Files\Adobe
2011-06-06 10:28:57 ----D---- C:\Documents and Settings\Admin\Application Data\Adobe
2011-06-06 10:28:43 ----D---- C:\Program Files\Common Files
2011-06-06 09:48:16 ----D---- C:\WINDOWS\system32\drivers
2011-06-05 20:53:41 ----HD---- C:\WINDOWS\inf
2011-06-03 21:20:35 ----D---- C:\Program Files\Internet Explorer
2011-06-03 21:06:58 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-03 21:06:50 ----A---- C:\WINDOWS\imsins.BAK
2011-06-03 21:06:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-06-03 20:49:45 ----D---- C:\Program Files\Outlook Express
2011-06-03 20:40:49 ----D---- C:\Program Files\Movie Maker
2011-06-03 14:56:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-03 14:54:50 ----A---- C:\WINDOWS\OEWABLog.txt
2011-06-03 14:54:33 ----D---- C:\Program Files\Windows Media Player
2011-06-03 14:52:54 ----A---- C:\WINDOWS\setuplog.txt
2011-06-03 14:51:29 ----D---- C:\WINDOWS\system32\Setup
2011-06-03 14:51:29 ----D---- C:\WINDOWS\AppPatch
2011-06-03 14:51:28 ----D---- C:\WINDOWS\system32\wbem
2011-06-03 14:51:26 ----RSD---- C:\WINDOWS\Fonts
2011-06-03 14:50:41 ----D---- C:\WINDOWS\security
2011-06-03 14:28:25 ----D---- C:\Program Files\Messenger
2011-06-03 14:20:25 ----D---- C:\WINDOWS\Help
2011-06-03 14:19:48 ----D---- C:\WINDOWS\ime
2011-06-03 14:18:50 ----D---- C:\WINDOWS\system32\en-US
2011-06-03 14:18:49 ----D---- C:\WINDOWS\system32\usmt
2011-06-03 14:18:43 ----D---- C:\WINDOWS\PeerNet
2011-06-03 14:10:34 ----D---- C:\WINDOWS\ServicePackFiles
2011-06-03 14:10:21 ----D---- C:\WINDOWS\system32\Restore
2011-06-03 14:10:20 ----D---- C:\WINDOWS\system32\npp
2011-06-03 14:10:18 ----D---- C:\WINDOWS\msagent
2011-06-03 14:10:15 ----D---- C:\WINDOWS\srchasst
2011-06-03 14:10:12 ----D---- C:\Program Files\NetMeeting
2011-06-03 14:10:09 ----D---- C:\WINDOWS\system32\Com
2011-06-03 14:10:00 ----D---- C:\Program Files\Windows NT
2011-06-03 14:09:51 ----D---- C:\Program Files\Common Files\System
2011-06-03 14:09:11 ----D---- C:\WINDOWS\system32\oobe
2011-06-03 14:09:06 ----D---- C:\WINDOWS\system
2011-06-03 14:02:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-06-03 13:13:32 ----D---- C:\WINDOWS\SoftwareDistribution
2011-05-30 18:44:20 ----RASH---- C:\boot.ini
2011-05-30 18:44:20 ----A---- C:\WINDOWS\win.ini
2011-05-30 18:44:20 ----A---- C:\WINDOWS\system.ini
2011-05-21 10:20:34 ----SD---- C:\WINDOWS\Tasks
2011-05-19 23:15:21 ----SD---- C:\WINDOWS\system32\Microsoft
2011-05-18 20:48:55 ----D---- C:\Program Files\Java
2011-05-10 09:58:39 ----D---- C:\WINDOWS\system32\drivers\NIS
2011-05-09 23:52:36 ----D---- C:\Program Files\Symantec
2011-05-09 23:52:35 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys []
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS [2011-03-31 50168]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS [2011-03-22 369784]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-04-27 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110603.003\IDSxpx86.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110607.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110607.003\NAVEX15.SYS []
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS [2011-03-31 516216]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-18 153376]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2006-07-03 49152]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
-----------------EOF-----------------

Info log
info.txt logfile of random's system information tool 1.08 2011-06-07 20:42:07
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
725plc32-->MsiExec.exe /I{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Adobe Reader X (10.0.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
AirPlus G-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B7E4354-0492-460A-BDB1-1F59EE141025}\setup.exe" -l0x9 -removeonly
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\setup.exe" 
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\setup.exe" 
ARTEuro-->MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}
CinepPlayer 30 Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}\setup.exe" -l0x9 -L0x9 /SMAINT
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support 5.0.0 (630)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Java(TM) 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\18.6.0.29\InstStub.exe /X /ARP
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Secunia PSI (2.0.0.3003)-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2491683)-->"C:\WINDOWS\$NtUninstallKB2491683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: Norton Internet Security
FW: Norton Internet Security
======System event log======
Computer Name: D6KLM72J
Event Code: 9
Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period.
Record Number: 2990
Source Name: atapi
Time Written: 20110520234131.000000+060
Event Type: error
User: 
Computer Name: D6KLM72J
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E5895137D. The following
error occurred: 
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 2983
Source Name: Dhcp
Time Written: 20110520172124.000000+060
Event Type: warning
User: 
Computer Name: D6KLM72J
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E5895137D. The following
error occurred: 
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 2982
Source Name: Dhcp
Time Written: 20110520172120.000000+060
Event Type: warning
User: 
Computer Name: D6KLM72J
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E5895137D. The following
error occurred: 
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 2949
Source Name: Dhcp
Time Written: 20110520120110.000000+060
Event Type: warning
User: 
Computer Name: D6KLM72J
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 2829
Source Name: Tcpip
Time Written: 20110519182411.000000+060
Event Type: warning
User: 
=====Application event log=====
Computer Name: D6KLM72J
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Record Number: 156
Source Name: crypt32
Time Written: 20110506110832.000000+060
Event Type: error
User: 
Computer Name: D6KLM72J
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Record Number: 155
Source Name: crypt32
Time Written: 20110506110832.000000+060
Event Type: error
User: 
Computer Name: D6KLM72J
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Record Number: 154
Source Name: crypt32
Time Written: 20110506110832.000000+060
Event Type: error
User: 
Computer Name: D6KLM72J
Event Code: 1517
Message: Windows saved user D6KLM72J\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 153
Source Name: Userenv
Time Written: 20110506110304.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: D6KLM72J
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2802, fault address 0x000768d4.
Record Number: 151
Source Name: Application Error
Time Written: 20110506104957.000000+060
Event Type: error
User: 
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
-----------------EOF-----------------


----------



## Cookiegal (Aug 27, 2003)

Let's try this again on PC2 please:

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*

You will also notice another file created on the desktop named *MBR.dat*. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.


----------



## GIRLY1 (May 11, 2011)

*PC2* - please find aswMBR log pasted below and MBR.dat file attached.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-08 12:47:37
-----------------------------
12:47:37.140 OS Version: Windows 5.1.2600 Service Pack 3
12:47:37.140 Number of processors: 1 586 0x401
12:47:37.156 ComputerName: D6KLM72J UserName: Admin
12:47:39.187 Initialize success
12:47:57.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:47:57.281 Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
12:47:57.296 Disk 0 MBR read successfully
12:47:57.296 Disk 0 MBR scan
12:47:57.296 Disk 0 unknown MBR code
12:47:57.312 Disk 0 scanning sectors +156232125
12:47:57.375 Disk 0 scanning C:\WINDOWS\system32\drivers
12:48:13.125 Service scanning
12:48:16.828 Disk 0 trace - called modules:
12:48:16.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
12:48:16.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f6dab8]
12:48:16.843 3 CLASSPNP.SYS[f8738fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f6ed98]
12:48:16.843 Scan finished successfully
12:50:06.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
12:50:06.171 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


----------
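
The aswMBR log above reports "unknown MBR code" and saves sector 0 to MBR.dat. As an added example (not part of the thread, and not aswMBR's own logic), the Python below parses a raw 512-byte MBR sector, hashes its boot code for comparison against a baseline you trust, and flags structural problems in the partition table. The function names, the baseline set and the sample sector are constructed for illustration, and it assumes the dump is a raw copy of sector 0.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code (NT-style MBR layout)
DISK_SIG_OFF = 440       # bytes 440-443: 32-bit disk signature
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 510-511: 0x55 0xAA


def parse_mbr(sector):
    """Split a 512-byte MBR sector into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status = sector[off]          # 0x80 = active, 0x00 = inactive
        ptype = sector[off + 4]       # partition type, e.g. 0x07 = NTFS
        lba_start, n_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0 and n_sectors == 0:
            continue                  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": n_sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "partitions": partitions,
    }


def review_mbr(sector, known_good_hashes):
    """Return a list of findings; an empty list means nothing was flagged."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    # Assumption: the baseline is a set of SHA-256 hashes of boot code
    # taken from installs you trust (same OS version and language).
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code does not match any baseline hash")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions in slots %d and %d overlap"
                            % (a["slot"], b["slot"]))
    return findings


def build_sample_mbr(boot_code, entries):
    """Constructed test input: not a dump from any real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    for slot, (status, ptype, lba_start, n_sectors) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * slot
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, n_sectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed placeholder bytes standing in for real boot code.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0" + b"\x90" * 64
CLEAN = build_sample_mbr(SAMPLE_BOOT_CODE, [(0x80, 0x07, 63, 2048000)])
BASELINE = {parse_mbr(CLEAN)["boot_code_sha256"]}


def tampered_copy(sector, offset=10):
    """Flip one boot-code byte to simulate modified MBR code."""
    changed = bytearray(sector)
    changed[offset] ^= 0xFF
    return bytes(changed)


if __name__ == "__main__":
    print("clean:   ", review_mbr(CLEAN, BASELINE))
    print("tampered:", review_mbr(tampered_copy(CLEAN), BASELINE))
```

To run it against a saved dump, read the file in binary mode and pass the bytes to `review_mbr` together with your own baseline hashes.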



## Cookiegal (Aug 27, 2003)

Have you upgraded the Adobe Flash on PC1? If not, please do that so we can see if that PC has problems with it.

In the meantime, I'm going to review everything in this entire thread that pertains to PC2 so that may take a while.


----------



## Cookiegal (Aug 27, 2003)

OK, I've gone over the entire thread.

Here are some recommendations for PC2.

Uninstall the following via the Control Panel - Add or Remove Programs:

ESET Online Scanner v3 
Google Update Helper

Delete these files manually or go to the Control Panel - Scheduled Tasks and delete the Google task(s) there:

C:\WINDOWS\tasks\*GoogleUpdateTaskMachineCore.job*
C:\WINDOWS\tasks\*GoogleUpdateTaskMachineUA.job*

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entry and then click on "Fix Checked".

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Open the Secunia PSI program interface and click on Settings and then remove the checkmark next to Start the Secunia PSI on boot.

Go to *Start* - *Run* - type in services.msc and click OK.

Double-click the Application Management service and let me know what the Service Status and Startup Type say please.

This is an XP Home machine (not Pro) correct?

Go to *Start* - *Run* - type in *devmgmt.msc* to open the Device Manager and let me know if there are any yellow exclamation marks beside any of the devices listed there please.

After doing all of the above, please post a new HijackThis log.


----------



## GIRLY1 (May 11, 2011)

> Have you upgraded the Adobe Flash on PC1?


Yes, Adobe Flash Player 10 ActiveX (10.3.181.23).

Not experiencing any problems so far.


----------



## GIRLY1 (May 11, 2011)

*PC2*



> Double-click the Application Management service and let me know what the Service Status and Startup Type say please.


Startup Type : Manual
Service status : Stopped



> This is an XP Home machine (not Pro) correct?


Correct, XP Home



> open the Device Manager and let me know if there are any yellow exclamation marks beside any of the devices listed there please.


No yellow exclamation marks beside any of the devices listed

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:18:55, on 08/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
--
End of file - 5319 bytes


----------



## Cookiegal (Aug 27, 2003)

GIRLY1 said:


> *PC2*
> 
> Startup Type : Manual
> Service status : Stopped


Please click the arrow beside Startup Type and select "Disabled" and then click "Apply" and OK.

Did you remove those two programs and the scheduled tasks?


----------



## GIRLY1 (May 11, 2011)

*PC2*



> Please click the arrow beside Startup Type and select "Disabled" and then click "Apply" and OK.


Done



> Did you remove those two programs and the scheduled tasks?


Sorry, Yes.

The only thing that I could not action because it was not there was to uninstall the following via the Control Panel - Add or Remove Programs:

Google Update Helper


----------



## Cookiegal (Aug 27, 2003)

Would you please run OTS again on PC2 and attach that log.


----------



## GIRLY1 (May 11, 2011)

*PC2*

Please find attached OTS log


----------



## Cookiegal (Aug 27, 2003)

I'm sorry for the delay. Everything looks fine in the OTS log.

Please do the following on both PC1 and PC2:

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## GIRLY1 (May 11, 2011)

*PC1 - Winlogon log*, please find pasted below. Will complete PC2 later tonight or early tomorrow.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 11/06/2011
Time: 20:18:49
User: N/A
Computer: DELLRICE
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 1037 unused index entries from index $SII of file 0x9.
Cleaning up 1037 unused index entries from index $SDH of file 0x9.
Cleaning up 1037 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
40106272 KB total disk space.
13477360 KB in 49420 files.
18024 KB in 4626 indexes.
0 KB in bad sectors.
146436 KB in use by the system.
65536 KB occupied by the log file.
26464452 KB available on disk.
4096 bytes in each allocation unit.
10026568 total allocation units on disk.
6616113 allocation units available on disk.
Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

OK. That one looks good.

Also please tell me what player you're using to watch the videos and are all videos playing slowly or just certain ones?


----------



## GIRLY1 (May 11, 2011)

*PC2 - Winlogon log*, please find pasted below.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 12/06/2011
Time: 11:05:19
User: N/A
Computer: D6KLM72J
Description:
Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 702 unused index entries from index $SII of file 0x9.
Cleaning up 702 unused index entries from index $SDH of file 0x9.
Cleaning up 702 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
74927159 KB total disk space.
9324304 KB in 44352 files.
14240 KB in 3501 indexes.
0 KB in bad sectors.
123519 KB in use by the system.
65536 KB occupied by the log file.
65465096 KB available on disk.
4096 bytes in each allocation unit.
18731789 total allocation units on disk.
16366274 allocation units available on disk.
Internal Info:
Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## GIRLY1 (May 11, 2011)

> Also please tell me what player you're using to watch the videos and are all videos playing slowly or just certain ones?


When watching/listening to anything on Youtube I believe it is the Adobe Flash Player 
When watching/listening to anything on BBC I believe it is the BBC Media Player 
Also from memory was watching something that was using JW Player but I cannot remember what site that was.

All videos/sound are playing slowly.


----------



## Cookiegal (Aug 27, 2003)

OK, that looks good too.

For PC2 only:

Please go to *Start* - *Run* - type in dxdiag and click OK (or hit Enter). This opens the DirectX Diagnostic Tool. Click on "Save All Information" at the bottom of the opening screen. It will automatically open Notepad and the file will already have the name DxDiag. Please save it to your desktop and then copy and paste the report here.


----------



## GIRLY1 (May 11, 2011)

*PC2 - DxDiag log*, please find pasted below

------------------
System Information
------------------
Time of this report: 6/12/2011, 14:47:06
Machine name: D6KLM72J
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.101209-1647)
Language: English (Regional Setting: English)
System Manufacturer: Dell Computer Corporation
System Model: Dell DE051 
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A01
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Memory: 510MB RAM
Page File: 541MB used, 648MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode
------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.
--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)
---------------
Display Devices
---------------
Card name: Intel(R) 82865G Graphics Controller
Manufacturer: Intel Corporation
Chip type: Intel(R) 82865G Graphics Controller
DAC type: Internal
Device Key: Enum\PCI\VEN_8086&DEV_2572&SUBSYS_01D51028&REV_02
Display Memory: 96.0 MB
Current Mode: 1024 x 768 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: ialmrnt5.dll
Driver Version: 6.14.0010.4299 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 4/5/2005 19:38:44, 38014 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: ialmnt5.sys
Mini VDD Date: 4/5/2005 19:46:28, 830684 bytes
Device Identifier: {D7B78E66-6632-11CF-5363-DF21A3C2CB35}
Vendor ID: 0x8086
Device ID: 0x2572
SubSys ID: 0x01D51028
Revision ID: 0x0002
Revision ID: 0x0002
Video Accel: 
Deinterlace Caps: n/a
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Not Available
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run
-------------
Sound Devices
-------------
Description: SoundMAX Digital Audio
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01D51028&REV_02
Manufacturer ID: 65535
Product ID: 65535
Type: WDM
Driver Name: smwdm.sys
Driver Version: 5.12.0001.7000 (English)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 3/22/2005 17:08:40, 260224 bytes
Other Files: 
Driver Provider: Analog Devices
HW Accel Level: Full
Cap Flags: 0xF5F
Min/Max Sample Rate: 100, 192000
Static/Strm HW Mix Bufs: 33, 32
Static/Strm HW 3D Bufs: 33, 32
HW Memory: 0
Voice Management: Yes
EAX(tm) 2.0 Listen/Src: Yes, Yes
I3DL2(tm) Listen/Src: Yes, Yes
Sensaura(tm) ZoomFX(tm): Yes
Registry: OK
Sound Test Result: Not run
---------------------
Sound Capture Devices
---------------------
Description: SoundMAX Digital Audio
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: smwdm.sys
Driver Version: 5.12.0001.7000 (English)
Driver Attributes: Final Retail
Date and Size: 3/22/2005 17:08:40, 260224 bytes
Cap Flags: 0x41
Format Flags: 0xCCC
-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
SoundMAX Digital Audio, Software (Kernel Mode), Output, DLS, Internal
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run
-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Poll w/ Interrupt: No
Registry: OK
-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x24D4
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 4/13/2008 19:45:37, 59520 bytes
| Driver: usbd.sys, 8/4/2004 05:00:00, 4736 bytes
----------------
Gameport Devices
----------------
------------
PS/2 Devices
------------
+ Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 4/13/2008 20:18:00, 52480 bytes
| Driver: kbdclass.sys, 4/13/2008 19:39:47, 24576 bytes
| 
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 4/14/2008 01:13:20, 40840 bytes
| Driver: kbdclass.sys, 4/13/2008 19:39:47, 24576 bytes
| 
+ HID-compliant mouse
| Vendor/Product ID: 0x0461, 0x4D51
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 4/13/2008 19:39:47, 23040 bytes
| Driver: mouhid.sys, 8/17/2001 13:48:00, 12160 bytes
| 
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 4/14/2008 01:13:20, 40840 bytes
| Driver: mouclass.sys, 4/13/2008 19:39:47, 23040 bytes
----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK
-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Serial Service Provider: COM1
DirectPlay8 TCP/IP Service Provider: Wireless Network Connection - IPv4 - 
-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s
-------------------------
DirectPlay Lobbyable Apps
-------------------------
------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 63.8 GB
Total Space: 73.2 GB
File System: NTFS
Model: WDC WD800BB-75JHC0
Drive: D:
Model: HL-DT-ST CD-RW GCE-8487B
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/13/2008 19:40:46, 62976 bytes
--------------
System Devices
--------------
Name: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_01D51028&REV_02\3&172E68DD&0&10
Driver: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys, 6.14.0010.4299 (English), 4/5/2005 19:46:28, 830684 bytes
Driver: C:\WINDOWS\system32\ialmrnt5.dll, 6.14.0010.4299 (English), 4/5/2005 19:38:44, 38014 bytes
Driver: C:\WINDOWS\system32\ialmdnt5.dll, 6.14.0010.4299 (English), 4/5/2005 19:38:36, 110203 bytes
Driver: C:\WINDOWS\system32\ialmdev5.dll, 6.14.0010.4299 (English), 4/5/2005 19:38:26, 194298 bytes
Driver: C:\WINDOWS\system32\ialmdd5.dll, 6.14.0010.4299 (English), 4/5/2005 19:45:44, 876666 bytes
Driver: C:\WINDOWS\system32\hccutils.dll, 3.00.0000.4299 (English), 4/5/2005 19:18:06, 73728 bytes
Driver: C:\WINDOWS\system32\igfxsrvc.dll, 3.00.0000.4299 (English), 4/5/2005 19:19:10, 57344 bytes
Driver: C:\WINDOWS\system32\igfxsrvc.exe, 3.00.0000.4299 (English), 4/5/2005 19:19:10, 155648 bytes
Driver: C:\WINDOWS\system32\igfxpph.dll, 3.00.0000.4299 (English), 4/5/2005 19:22:16, 143360 bytes
Driver: C:\WINDOWS\system32\igfxcpl.cpl, 3.00.0000.4299 (English), 4/5/2005 19:22:04, 77824 bytes
Driver: C:\WINDOWS\system32\igfxcfg.exe, 3.00.0000.4299 (English), 4/5/2005 19:21:56, 434176 bytes
Driver: C:\WINDOWS\system32\igfxdev.dll, 3.00.0000.4299 (English), 4/5/2005 19:18:22, 131072 bytes
Driver: C:\WINDOWS\system32\igfxdo.dll, 3.00.0000.4299 (English), 4/5/2005 19:19:24, 86016 bytes
Driver: C:\WINDOWS\system32\igfxtray.exe, 3.00.0000.4299 (English), 4/5/2005 19:22:32, 94208 bytes
Driver: C:\WINDOWS\system32\igfxzoom.exe, 3.00.0000.4299 (English), 4/5/2005 19:23:00, 114688 bytes
Driver: C:\WINDOWS\system32\hkcmd.exe, 3.00.0000.4299 (English), 4/5/2005 19:19:18, 77824 bytes
Driver: C:\WINDOWS\system32\igfxress.dll, 3.00.0000.4299 (English), 4/5/2005 19:22:22, 1503232 bytes
Driver: C:\WINDOWS\system32\igfxpers.exe, 3.00.0000.4299 (English), 4/5/2005 19:23:14, 114688 bytes
Driver: C:\WINDOWS\system32\igfxrara.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:24, 122880 bytes
Driver: C:\WINDOWS\system32\igfxrchs.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:24, 81920 bytes
Driver: C:\WINDOWS\system32\igfxrcht.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:26, 81920 bytes
Driver: C:\WINDOWS\system32\igfxrdan.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:26, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrdeu.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:26, 155648 bytes
Driver: C:\WINDOWS\system32\igfxrenu.lrc, 3.00.0000.4299 (English), 4/5/2005 19:18:28, 135168 bytes
Driver: C:\WINDOWS\system32\igfxresp.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:28, 151552 bytes
Driver: C:\WINDOWS\system32\igfxrfin.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:28, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrfra.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:28, 147456 bytes
Driver: C:\WINDOWS\system32\igfxrheb.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:28, 122880 bytes
Driver: C:\WINDOWS\system32\igfxrita.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:30, 151552 bytes
Driver: C:\WINDOWS\system32\igfxrjpn.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:30, 98304 bytes
Driver: C:\WINDOWS\system32\igfxrkor.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:30, 98304 bytes
Driver: C:\WINDOWS\system32\igfxrnld.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:30, 151552 bytes
Driver: C:\WINDOWS\system32\igfxrnor.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:32, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrplk.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:32, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrptb.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:32, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrptg.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:32, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrrus.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:34, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrsve.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:34, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrtha.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:34, 126976 bytes
Driver: C:\WINDOWS\system32\igfxrcsy.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:26, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrell.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:28, 155648 bytes
Driver: C:\WINDOWS\system32\igfxrhun.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:30, 147456 bytes
Driver: C:\WINDOWS\system32\igfxrtrk.lrc, 3.00.0000.4299 (English), 4/5/2005 19:23:34, 135168 bytes
Driver: C:\WINDOWS\system32\igfxext.exe, 3.00.0000.4299 (English), 4/5/2005 19:23:06, 86016 bytes
Driver: C:\WINDOWS\system32\igfxexps.dll, 3.00.0000.4299 (English), 4/5/2005 19:23:08, 36864 bytes
Driver: C:\WINDOWS\system32\ialmrem.dll, 6.14.0010.4299 (English), 4/5/2005 19:38:40, 49152 bytes
Driver: C:\WINDOWS\system32\ialmgicd.dll, 6.14.0010.4299 (English), 4/5/2005 19:29:22, 2289664 bytes
Driver: C:\WINDOWS\system32\ialmgdev.dll, 6.14.0010.4299 (English), 4/5/2005 19:31:10, 512000 bytes
Driver: C:\WINDOWS\system32\iAlmCoIn_v4299.dll, 1.00.1000.0001 (English), 4/5/2005 19:38:38, 61440 bytes
Name: Intel(R) 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Device ID: PCI\VEN_8086&DEV_2570&SUBSYS_00000000&REV_02\3&172E68DD&0&00
Driver: n/a
Name: Intel(R) 82801EB USB Universal Host Controller - 24DE
Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_01D51028&REV_02\3&172E68DD&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01D51028&REV_02\3&172E68DD&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5512 (English), 4/14/2008 01:11:54, 7168 bytes
Name: Intel(R) 82801EB Ultra ATA Storage Controllers
Device ID: PCI\VEN_8086&DEV_24DB&SUBSYS_01D51028&REV_02\3&172E68DD&0&F9
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/17/2001 13:51:52, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.5512 (English), 4/13/2008 19:40:29, 24960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.5512 (English), 4/13/2008 19:40:30, 96512 bytes
Name: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01D51028&REV_02\3&172E68DD&0&FD
Driver: n/a
Name: Intel(R) 82801EB USB Universal Host Controller - 24D4
Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_01D51028&REV_02\3&172E68DD&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Intel(R) 82801EB SMBus Controller - 24D3
Device ID: PCI\VEN_8086&DEV_24D3&SUBSYS_01D51028&REV_02\3&172E68DD&0&FB
Driver: n/a
Name: Intel(R) 82801EB USB Universal Host Controller - 24D2
Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_01D51028&REV_02\3&172E68DD&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Intel(R) 82801EB LPC Interface Controller - 24D0
Device ID: PCI\VEN_8086&DEV_24D0&SUBSYS_00000000&REV_02\3&172E68DD&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:41, 37248 bytes
Name: Intel(R) 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_C2\3&172E68DD&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:44, 68224 bytes
Name: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
Driver: C:\WINDOWS\system32\DRIVERS\e100b325.sys, 7.01.0012.0000 (English), 2/10/2004 20:49:14, 154112 bytes
Driver: C:\WINDOWS\system32\Prounstl.exe, 7.00.0006.0000 (English), 11/21/2003 20:26:42, 118784 bytes
Driver: C:\WINDOWS\system32\e100b325.din, 6/27/2002 09:53:38, 5110 bytes
Driver: C:\WINDOWS\system32\IntelNic.dll, 2.05.0001.0000 (English), 7/28/2003 10:55:40, 24064 bytes
Driver: C:\WINDOWS\system32\e100bmsg.dll, 2/18/2004 22:40:00, 12288 bytes
------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:51 279552 bytes
ddrawex.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:51 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 10496 bytes
d3d8.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:51 1179648 bytes
d3d8thk.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:51 8192 bytes
d3d9.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:51 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 436224 bytes
d3dim700.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:51 824320 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 8/4/2004 05:00:00 33040 bytes
dplayx.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 229888 bytes
dpmodemx.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 8/4/2004 05:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 57344 bytes
dplaysvr.exe: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:17 29696 bytes
dpnsvr.exe: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:17 17920 bytes
dpnet.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 375296 bytes
dpnlobby.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:09:20 3072 bytes
dpnaddr.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:09:19 3072 bytes
dpvoice.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 212480 bytes
dpvsetup.exe: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:18 83456 bytes
dpvvox.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 116736 bytes
dpvacm.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 21504 bytes
dpnhpast.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 35328 bytes
dpnhupnp.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 8/4/2004 05:00:00 53520 bytes
dinput.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 158720 bytes
dinput8.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 394240 bytes
joy.cpl: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:41 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/4/2004 05:00:00 76800 bytes
pid.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:02 35328 bytes
dsound.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 367616 bytes
dsound3d.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 1293824 bytes
dswave.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 19456 bytes
dsdmo.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 181248 bytes
dsdmoprp.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 71680 bytes
dmusic.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 104448 bytes
dmband.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 28672 bytes
dmcompos.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 61440 bytes
dmime.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 181248 bytes
dmloader.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 35840 bytes
dmstyle.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 105984 bytes
dmsynth.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 103424 bytes
dmscript.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 82432 bytes
system.dll: 1.01.4322.2470 English Final Retail 6/3/2011 20:47:40 1232896 bytes
dx7vb.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 619008 bytes
dx8vb.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 1227264 bytes
dxdiagn.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:52 2113536 bytes
mfc40.dll: 4.01.0000.6151 English Beta Retail 9/18/2010 07:53:25 954368 bytes
mfc42.dll: 6.02.8081.0000 English Final Retail 2/8/2011 14:33:55 978944 bytes
wsock32.dll: 5.01.2600.5512 English Final Retail 4/14/2008 01:12:10 22528 bytes
amstream.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:11:49 70656 bytes
devenum.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:11:51 59904 bytes
dxmasf.dll: 6.04.0009.1133 English Final Retail 4/14/2008 01:11:52 498742 bytes
mciqtz32.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:11:56 35328 bytes
mpg2splt.ax: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:42 148992 bytes
msdmo.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:11:59 14336 bytes
encapi.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:53 20480 bytes
qasf.dll: 10.00.0000.3646 English Final Retail 8/11/2004 01:45:04 221184 bytes
qcap.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:03 192512 bytes
qdv.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:03 279040 bytes
qdvd.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:03 386048 bytes
qedit.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:03 562176 bytes
qedwipes.dll: 6.05.2600.5512 English Final Retail 4/13/2008 18:21:32 733696 bytes
quartz.dll: 6.05.2600.5933 English Final Retail 2/5/2010 19:27:45 1291776 bytes
strmdll.dll: 4.01.0000.3938 English Final Retail 8/26/2009 09:00:21 247326 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 4/14/2008 01:12:42 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 4/14/2008 01:12:42 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 4/14/2008 01:11:55 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 4/14/2008 01:11:55 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 4/14/2008 01:11:55 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 4/14/2008 01:11:55 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 4/14/2008 01:11:55 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 4/14/2008 01:12:42 154624 bytes
mswebdvd.dll: 6.05.2600.5857 English Final Retail 8/5/2009 10:01:48 204800 bytes
ks.sys: 5.03.2600.5512 English Final Retail 4/13/2008 20:16:36 141056 bytes
ksproxy.ax: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:42 129536 bytes
ksuser.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:11:56 4096 bytes
stream.sys: 5.03.2600.5512 English Final Retail 4/13/2008 19:45:15 49408 bytes
mspclock.sys: 5.03.2600.5512 English Final Retail 4/13/2008 19:39:50 5376 bytes
mspqm.sys: 5.01.2600.5512 English Final Retail 4/13/2008 19:39:51 4992 bytes
mskssrv.sys: 5.03.2600.5512 English Final Retail 4/13/2008 19:39:52 7552 bytes
swenum.sys: 5.03.2600.5512 English Final Retail 4/13/2008 19:39:53 4352 bytes
mpeg2data.ax: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:42 118272 bytes
msvidctl.dll: 6.05.2600.5512 English Final Retail 4/14/2008 01:12:01 1428992 bytes
vbisurf.ax: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:42 30208 bytes
msyuv.dll: 5.03.2600.5908 English Final Retail 11/27/2009 18:11:44 17920 bytes
wstdecod.dll: 5.03.2600.5512 English Final Retail 4/14/2008 01:12:10 50688 bytes
------------------
DirectShow Filters
------------------
DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMSpeech Decoder DMO,0x00600800,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.5933
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.5512
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.5933
WM ASF Reader,0x00400000,0,0,qasf.dll,10.00.0000.3646
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.5933
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.5933
Indeo® video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2600.5512
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2600.6076
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5933
Indeo® video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.5933
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.5933
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.06.0000.0052
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2600.5512
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
Sonic DVD-VR Navigator,0x00200000,0,2,SonicDVDDashVRNav.dll,1.03.0000.0116
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5933
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.5933
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,9.00.0000.4503
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.5512
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,9.00.0000.4503
ASX file Parser,0x00600000,1,1,wmpasf.dll,9.00.0000.4503
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,9.00.0000.4503
NSC file Parser,0x00600000,1,1,wmpasf.dll,9.00.0000.4503
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.5933
Windows Media source filter,0x00600000,0,2,wmpasf.dll,9.00.0000.4503
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5933
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2600.6076
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.5512
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.5933
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.5512
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.5933
WM ASF Writer,0x00400000,0,0,qasf.dll,10.00.0000.3646
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.5512
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4504
File writer,0x00200000,1,0,qcap.dll,6.05.2600.5512
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.5512
Sonic Cinemaster® MCE Audio Decoder,0x00710000,1,1,CinemasterAudio.DLL,2.08.0006.1418
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.5512
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.5933
.RAM file Parser,0x00600000,1,0,wmpasf.dll,9.00.0000.4503
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000


----------



## Cookiegal (Aug 27, 2003)

I'd like you to do a test when playing a video please. Let's use a YouTube one for the test.

Have all other windows closed so nothing else is running needlessly and while the video is playing call up the Task Manager (Ctrl-Alt-Del) and if not already there click on the Processes tab. If you double-click on the CPU heading it will be easier to see what application is using the most of the resources as they will all be at the top. You can capture a screenshot and upload that or jot them down and post them. They may fluctuate and vary during the process but we want to see what's using the highest numbers.

Also, click on the Performance tab and take a screenshot of what you see there and upload that please.


----------



## GIRLY1 (May 11, 2011)

*PC2* - Please find attached screen shots for processor and performance


----------



## Cookiegal (Aug 27, 2003)

And when you played the video it played slowly?

Can you explain how it plays? Does it run fine a bit and then slow down or is it just playing in a consistent slow pattern? Is the sound always there or is it choppy?

Do you get messages saying the system is low on virtual memory?


----------



## Cookiegal (Aug 27, 2003)

Do you remember which video you used? Can you give me a link to it so I can run it on my machine?


----------



## GIRLY1 (May 11, 2011)

*PC2*

I'm sorry but I can't seem to find the video that I played. So I have done the exercise again for you. I have attached new screen shots. And the link of the video is

http://www.youtube.com/watch?v=bRdo7WXTVoM



> Can you explain how it plays?


Throughout when the video/sound is playing it plays fine then it slows down (sound is like croaky) before playing back at normal speed, can be choppy at times and inconsistent, sometimes jumps (millisec jumps) when it should be smooth and consistent when playing.



> Do you get messages saying the system is low on virtual memory?


The only messages that I get periodically and not necessarily when playing the videos is of High CPU Usage and High Memory Usage.


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, I can't watch the video due to country restrictions. But would you please do the same exercise on PC1 running the same video. Try to capture the readings at their highest point so you may have to run it more than once to capture it at that point.


----------



## GIRLY1 (May 11, 2011)

*PC1* - Please find attached screenshots.


----------



## valis (Sep 24, 2004)

just to check something, does this happen with ALL youtube videos, or just that one?


----------



## GIRLY1 (May 11, 2011)

> just to check something, does this happen with ALL youtube videos, or just that one?


Yes, it happens all the time/every time I play something, whether it be a song on Youtube, news story on BBC or anything else on any other site.
Even the four-tone Windows sound when logging on/off is the same. Slow, croaky and unclear.

Thanks


----------



## valis (Sep 24, 2004)

well, it's obviously IE that is thrashing your processor........that's a huge amount of memory and processor usage for that app. The question is 'why is IE doing that'..........

try going here and running the test at the top.......let us know if your processor bogs down when it's doing that.


----------



## Cookiegal (Aug 27, 2003)

Thanks Tim. And the bigger question is why on this PC? The one that isn't having the problem?


----------



## Cookiegal (Aug 27, 2003)

I wonder if NIS was running a scan in the background.


----------



## valis (Sep 24, 2004)

Cookiegal said:


> Thanks Tim. And the bigger question is why on this PC? The one that isn't having the problem?


I dunno. Also note that on the affected PC, the memory usage is about 25% less, but the processor is just getting hammered.

Is this the state of the PC whenever IE is opened, or only when a flash app is running? Judging from the history line, I'd say it's just whenever IE is opened, but wanted to make sure.

The question is still, why is IE hitting the processor that hard?

Has anyone thought of resetting all default settings in IE to see if that eases it?


----------



## Cookiegal (Aug 27, 2003)

Could overheating be an issue? Do you clean this computer inside regularly and when was the last time that was done?


----------



## valis (Sep 24, 2004)

Overheating could be, but I think we'd see more stress on the processor across the board, not just with one isolated app.......this is why I'm scratching my head.

Blowing it out certainly couldn't hurt; that's always a good thing. I'm also assuming you verified that the flash was the same versions on both rigs? I'm almost tempted to recommend trying FF 3.5 (not that thrilled with the new FF). 

but I'll leave that up to you, Cookiegal.........


----------



## Cookiegal (Aug 27, 2003)

The Flash is the latest one on PC2 (the one with the problem but not the one spiking the CPU). PC1 I'm not sure. We had a little problem with buffering when it was upgraded to the latest version so we installed a slightly older version for troubleshooting but I believe we went back to the latest one and it no longer has any problems (but this is the one spiking the CPU now yet apparently no problems playing the video). 

We'll have to wait for GIRLY1 to answer the questions here and confirm this for us.


----------



## GIRLY1 (May 11, 2011)

*PC1* - Flash Player 10 ActiveX - Ver : 10.3.181.23

*PC2* - Flash Player 10 ActiveX - Ver : 10.3.181.23



> try going here and running the test at the top.......let us know if your processor bogs down when it's doing that.


Went to the link provided and it just advises what version I'm currently on and download latest version link. Could not see anything at the top to run a test. Please advise.



> I dunno. Also note that on the affected PC, the memory usage is about 25% less, but the processor is just getting hammered.
> Is this the state of the PC whenever IE is opened, or only when a flash app is running? Judging from the history line, I'd say it's just whenever IE is opened, but wanted to make sure.


I have done the following exercise again on both PCs.

I opened 5 IE windows and took screen shots - see attached (process pc1/process pc2 & perform pc1/perform pc2)
Then leaving the 5 IE windows open, opened a 6th window and played youtube - see attached (process pc1 queen/process pc2 queen & perform pc1 queen/perform pc2 queen)

The song I was playing was : Queen - I want to break free.(by QueenVEVO)



> Could overheating be an issue? Do you clean this computer inside regularly and when was the last time that was done?


Doesn't seem to be overheating and has plenty of ventilation.
No, have not cleaned inside at all. But will do.

This problem is only on PC2 and only started after downloading a newer version of Flash player as indicated in post 46. Before this there were no problems at all playing any songs.


----------



## GIRLY1 (May 11, 2011)

PC1 screenshots


----------



## Cookiegal (Aug 27, 2003)

Let's try uninstalling Adobe Flash and reinstalling it again on both PCs. Use the removal tool first:

http://kb2.adobe.com/cps/141/tn_14157.html

Then reboot the machine and install the latest version which has already been updated to 10.3.181.26:

http://get.adobe.com/flashplayer/

Then see if there's any difference.


----------



## GIRLY1 (May 11, 2011)

That's done now on both PC1 & PC2.

No difference.

I have now copied what I need on PC3. Please advise on instructions as to how to reformat as I do not know as to where to start.. Also is there anything else that I would need before reformatting?

Thanks


----------



## Cookiegal (Aug 27, 2003)

Please start a new thread for assistance with reformatting as that's not really my area.

But you will need to be sure you have all of the necessary drivers first. You may have them on a CD provided when you purchased the computer or you may have to download them before formatting.

Can you tell me how old both PC1 and PC2 are and did you get them brand new?


----------



## GIRLY1 (May 11, 2011)

PC1 - Age : Dec 2003 - Bought second hand
PC2 - Age : April 2006 - Bought second hand


----------



## Cookiegal (Aug 27, 2003)

Ooooh boy. 

Do you know how old they were when you got them?

Were they reformatted when you took them over and/or have they ever been reformatted since you've had them?

I'd like you to check the paging file settings on both PC1 and PC2 please.

Right-click on "My Computer" and select "Properties" then click on the Advanced tab. Under "Performance" click on "Settings" then click on the Advanced tab. Now under Virtual Memory click on "Change" and post a screen shot of what you see there please for both PCs.


----------



## GIRLY1 (May 11, 2011)

> Do you know how old they were when you got them?


Sorry, no.



> Were they reformatted when you took them over and/or have they ever been reformatted since you've had them?


Not sure if they were formatted or not. For PC2, I do know that it was restored from its own hard drive. And that it was set to factory settings.

Sorry, that's all I know. Have I done something wrong?

Please see attached screen shots for paging file settings.


----------



## Cookiegal (Aug 27, 2003)

No, you haven't done anything wrong. It's just that they are very old, especially since they were not purchased new so we don't really know how old they are. We may be fighting a losing battle to get them in tip top shape. I suspect drivers should also be updated and that might help the performance.

Despite all the work we've done, if you can reformat them after backing up important stuff, getting all necessary drivers and throwing in another 512 of RAM, that would probably be the best route to go. But we can continue to try various things that may help if you want to.


----------



## GIRLY1 (May 11, 2011)

Thank you for your offer on trying other things for PC1 and PC2.
I believe with PC1 and PC2 they are stable and have taken them as far as we can to get them up straight. They may not be 100% but are in a much better shape than before and usable, so thank you for that :up:. I can live with PC2 with its playing issue.
I do not want to take more of your time than is necessary. So with your agreement I'd like to suggest that we move onto PC3.
I have taken your advice and PC3 is a different machine with a higher spec and reformatted.

I have pasted below HijackThis log for PC3. I have installed Avira antivirus. Please advise what you would like me to do first.
Logfile of Trend Micro HijackThis v2.0.4Scan saved at 13:06:41, on 25/06/2011Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\D-Link\AirPlus G\AirGCFG.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exeO4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exeO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe--End of file - 2906 bytes


----------



## Cookiegal (Aug 27, 2003)

Sounds good to me.

I can't read the HijackThis log in that format and don't think it's complete either and it looks like SP3 hasn't been installed, which it should have right after reformatting. With the log open in Notepad, click on "Format" and make sure "word wrap" is not checked there. Please post a new log.


----------



## GIRLY1 (May 11, 2011)

Sorry about that, here you go. Had to post it from PC2 after copying it to USB stick as PC3 did not want to copy it correctly in the correct format even after doing wordwrap.
Happy to download SP3 like we did last time.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:44, on 25/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
--
End of file - 2914 bytes


----------



## Cookiegal (Aug 27, 2003)

Short and sweet and tidy. That's how I like to see the logs. :up:

You do need to upgrade to Internet Explorer 8 though. Even if you don't use the browser, it's used automatically by the system when updating and IE6 is vulnerable to exploits.

Do you use the Windows Messenger Utility? If not, you can stop it from starting up by doing the following:

Go to Start - All Programs and click on Windows Messenger to open the interface then click on Tools - Options - Preferences and uncheck "Run this program when Windows starts".

And definitely install SP3 as well.

Are there any other issues or questions?
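
An added example (not part of the original post and not the helpers' own tooling): a small Python triage of a HijackThis log in the one-entry-per-line format shown above, checking the two points raised in this reply (XP below SP3, IE below 8) and rejecting a run-together paste. The sample log is constructed from lines in this thread plus one made-up Temp path; `EXPECTED_ROOTS` and all function names are assumptions of this example.

```python
import re

# Constructed sample: lines in the format of the HijackThis v2.0.4 log posted
# in this thread (abridged), plus one made-up process path under a Temp folder.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:44, on 25/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\demo\Local Settings\Temp\example.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
--
End of file - 2914 bytes
"""

# Assumption of this example: binaries are expected under these two roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")
ENTRY_RE = re.compile(r"^(O\d{1,2}) - (.*)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)


def normalize_path(path):
    # Drop the leading prefix seen on the WMIADAP.EXE process line.
    return re.sub(r"^\\\?{1,2}\\", "", path.strip())


def parse_log(text):
    """Split a log into header fields, running processes and O-sections."""
    log = {"header": {}, "processes": [], "entries": {}, "complete": False}
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        header, entry = HEADER_RE.match(line), ENTRY_RE.match(line)
        if header:
            log["header"][header.group(1)] = header.group(2)
        elif line == "Running processes:":
            in_processes = True
        elif entry:
            in_processes = False
            log["entries"].setdefault(entry.group(1), []).append(entry.group(2))
        elif line.startswith("End of file"):
            log["complete"] = True
        elif in_processes and line and line != "--":
            log["processes"].append(normalize_path(line))
    return log


def autoruns(log):
    """Return (section, name, path) for O4 Run entries and O23 services."""
    found = []
    for body in log["entries"].get("O4", []):
        m = re.match(r"(.+?): \[(.+?)\] (.*)$", body)
        exe = EXE_RE.match(m.group(3)) if m else None
        if exe:
            found.append(("O4", m.group(2), exe.group(1) or exe.group(2)))
    for body in log["entries"].get("O23", []):
        m = re.match(r"Service: (.+?) - ", body)
        if m:
            found.append(("O23", m.group(1), body.rsplit(" - ", 1)[1]))
    return found


def triage(log):
    """Return (category, detail) findings for a parsed log."""
    if not log["complete"] or "Platform" not in log["header"]:
        return [("format", "not one entry per line; re-save with Word Wrap off")]
    findings = []
    platform = log["header"]["Platform"]
    sp = re.search(r"\bSP(\d+)", platform)
    if "Windows XP" in platform and (sp is None or int(sp.group(1)) < 3):
        findings.append(("os", platform))
    ie = re.search(r"Internet Explorer v(\d+)", log["header"].get("MSIE", ""))
    if ie and int(ie.group(1)) < 8:
        findings.append(("browser", log["header"]["MSIE"]))
    paths = log["processes"] + [path for _, _, path in autoruns(log)]
    for path in dict.fromkeys(paths):  # de-duplicate, keep order
        if not path.lower().startswith(EXPECTED_ROOTS):
            findings.append(("path", path))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

A path finding only means the entry deserves a manual look; it is not a verdict on the file.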


----------



## GIRLY1 (May 11, 2011)

Do I upgrade to IE 8 first and then SP3? Any specific links or should I use ones as previously advised? Will stop Windows Messenger as I do not use it. Thanks


----------



## Cookiegal (Aug 27, 2003)

You should install SP3 first and you should get that through Windows Update. You must have chosen to hide it there and not be asked again to install it. Choose to unhide any updates and it should be there.


----------



## GIRLY1 (May 11, 2011)

Something is not right. I went through windows update and I thought it was updating to SP3. It updated about 90 files and also forced me to load IE8.
I have just checked and it is still on SP 2.

Not sure what I am doing wrong. Help required.


----------



## Cookiegal (Aug 27, 2003)

Did you download updates after reformatting? Because it's normal that there would be a lot of them.

Please post an uninstall list using HijackThis:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## GIRLY1 (May 11, 2011)

I believe you are correct. Pasted below, Uninstall list

AirPlus G
ANIO Service
ANIWZCS2 Service
Avira AntiVir Personal - Free Antivirus
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 6 Service Pack 2 (KB973686)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic Encoders
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768


----------



## Cookiegal (Aug 27, 2003)

Try going to Windows Update again. It won't offer SP3 if there are other updates the first time around. Let me know if it's still not offered.


----------



## GIRLY1 (May 11, 2011)

Ok, that's done. SP3 installed.

I am getting the Found New Hardware Wizard pop up box every time it reboots. Not sure what this is for and click on cancel.


----------



## Cookiegal (Aug 27, 2003)

What USB devices do you have connected (i.e. printer, external hard drive, etc.)?


----------



## GIRLY1 (May 11, 2011)

There are none connected, that's why a little confused.

All there is is a DELL USB keyboard and Microsoft Wireless Mouse USB Receiver.
And the monitor.


----------



## Cookiegal (Aug 27, 2003)

There's no printer?


----------



## GIRLY1 (May 11, 2011)

There is but it's not connected to any of the PCs at present. Certainly not PC3 while getting it up straight.


----------



## Cookiegal (Aug 27, 2003)

The wizard should tell you what device it's related to on the screen where it says "This wizard helps you install software for". What does it say there?


----------



## GIRLY1 (May 11, 2011)

A small balloon popup advises the following;

Audio Device on High Definition Audio Bus


----------



## Cookiegal (Aug 27, 2003)

It looks like the sound drivers weren't loaded.

Please go to Start - Run - type in dxdiag and click OK. Then click the button to save all information in Notepad and copy and paste the log here please.


----------



## GIRLY1 (May 11, 2011)

After Start - Run - type in dxdiag and click OK

I'm getting the following popup box saying the following;

Do you want to allow DxDiag to check if your drivers are digitally signed as logo'd by Microsoft's Windows Hardware Quality Labs (WHQL)? This may cause Windows to connect to the Internet to download new WHQL certificates. No information is retrieved from your system. We recommend answering 'Yes' so that DxDiag has more complete information about your system.

Not sure if I should Yes or No, please advise. Thanks


----------



## Cookiegal (Aug 27, 2003)

No, it's not necessary.


----------



## GIRLY1 (May 11, 2011)

*PC3*
Please find DxDiag log pasted below

------------------
System Information
------------------
Time of this report: 6/29/2011, 19:50:55
Machine name: CCC86AAD
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.101209-1647)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc. 
System Model: Dell DXP061 
BIOS: Phoenix ROM BIOS PLUS Version 1.10 2.0.4 
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (2 CPUs)
Memory: 2046MB RAM
Page File: 303MB used, 3634MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode
------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: The system is using the generic video driver. Please install video driver provided by the hardware manufacturer. Direct3D functionality not available. You should verify that the driver is a final version from the hardware manufacturer.
Sound Tab 1: No sound card was found. If one is expected, you should install a sound driver provided by the hardware manufacturer.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.
--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)
---------------
Display Devices
---------------
Card name: 
Manufacturer: 
Chip type: 
DAC type: 
Device Key: Enum\
Display Memory: n/a
Current Mode: 800 x 600 (32 bit) (1Hz)
Monitor: 
Monitor Max Res: 
 Driver Name: vga.dll
Driver Version: 5.01.2600.0000 (English)
DDI Version: unknown
Driver Attributes: Final Retail
Driver Date/Size: 8/10/2004 12:00:00, 9344 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: vga.sys
Mini VDD Date: 4/13/2008 19:44:40, 20992 bytes
Device Identifier: {D7B70EE0-4340-11CF-B063-282AAEC2C835}
Vendor ID: 0x0000
Device ID: 0x0000
SubSys ID: 0x00000000
Revision ID: 0x0000
Revision ID: 0x0000
Video Accel: 
Deinterlace Caps: n/a
Registry: OK
DDraw Status: Not Available
D3D Status: Not Available
AGP Status: Not Available
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run
-------------
Sound Devices
-------------
Description: 
Default Sound Playback: No
Default Voice Playback: No
Hardware ID: 
Manufacturer ID: 
Product ID: 
Type: 
Driver Name: 
Driver Version: 
Driver Attributes: 
WHQL Logo'd: 
Date and Size: 
Other Files: 
Driver Provider: 
HW Accel Level: Emulation Only
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run
---------------------
Sound Capture Devices
---------------------
-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Registry: OK
Test Result: Not run
-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: Microsoft Wireless Optical Mouse® 1.00
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x045E, 0x00E1
FF Driver: n/a
Poll w/ Interrupt: No
Registry: OK
-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x2834
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 4/13/2008 19:45:37, 59520 bytes
| Driver: usbd.sys, 8/10/2004 12:00:00, 4736 bytes
| 
+-+ USB Human Interface Device
| | Vendor/Product ID: 0x045E, 0x00E1
| | Location: Microsoft Wireless Optical Mouse® 1.00
| | Matching Device ID: usb\class_03&subclass_01
| | Service: HidUsb
| | Driver: hidusb.sys, 4/13/2008 19:45:27, 10368 bytes
| | Driver: hidclass.sys, 4/13/2008 19:45:26, 36864 bytes
| | Driver: hidparse.sys, 4/13/2008 19:45:22, 24960 bytes
| | Driver: hid.dll, 4/14/2008 01:11:54, 20992 bytes
| | 
| +-+ HID Non-User Input Data Filter (KB 911895)
| | | Vendor/Product ID: 0x045E, 0x00E1
| | | Matching Device ID: hid\vid_045e&pid_00e1&col01
| | | Service: NuidFltr
| | | Driver: hidserv.dll, 8/4/2004 00:56:44, 21504 bytes
| | | Driver: nuidfltr.sys, 5/9/2009 01:14:20, 14736 bytes
| | | Driver: wdfcoinstaller01005.dll, 5/9/2009 01:14:52, 1418120 bytes
| | | 
| +-+ HID-compliant mouse
| | | Vendor/Product ID: 0x045E, 0x00E1
| | | Matching Device ID: hid_device_system_mouse
| | | Service: mouhid
| | | Driver: mouclass.sys, 4/13/2008 19:39:47, 23040 bytes
| | | Driver: mouhid.sys, 8/10/2004 12:00:00, 12160 bytes
| | 
+-+ USB Human Interface Device
| | Vendor/Product ID: 0x413C, 0x2003
| | Location: Dell USB Keyboard
| | Matching Device ID: usb\class_03&subclass_01
| | Service: HidUsb
| | Driver: hidusb.sys, 4/13/2008 19:45:27, 10368 bytes
| | Driver: hidclass.sys, 4/13/2008 19:45:26, 36864 bytes
| | Driver: hidparse.sys, 4/13/2008 19:45:22, 24960 bytes
| | Driver: hid.dll, 4/14/2008 01:11:54, 20992 bytes
| | 
| +-+ HID Keyboard Device
| | | Vendor/Product ID: 0x413C, 0x2003
| | | Matching Device ID: hid_device_system_keyboard
| | | Service: kbdhid
| | | Driver: kbdhid.sys, 4/13/2008 19:39:48, 14592 bytes
| | | Driver: kbdclass.sys, 4/13/2008 19:39:47, 24576 bytes
----------------
Gameport Devices
----------------
------------
PS/2 Devices
------------
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 4/14/2008 01:13:20, 40840 bytes
| Driver: kbdclass.sys, 4/13/2008 19:39:47, 24576 bytes
| 
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 4/14/2008 01:13:20, 40840 bytes
| Driver: mouclass.sys, 4/13/2008 19:39:47, 23040 bytes
----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
DirectPlay Voice Wizard Tests: Full Duplex: , Half Duplex: , Mic: 
DirectPlay Test Result: Not run
Registry: OK
-------------------
DirectPlay Adapters
-------------------
DirectPlay8 TCP/IP Service Provider: Wireless Network Connection - IPv4 - 
-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s
-------------------------
DirectPlay Lobbyable Apps
-------------------------
------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 210.7 GB
Total Space: 224.1 GB
File System: NTFS
Model: ARRAY
Drive: D:
Free Space: 76.2 GB
Total Space: 76.3 GB
File System: NTFS
Model: ARRAY
Drive: I:
Model: TSSTcorp DVD+-RW TS-H553A
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/13/2008 19:40:46, 62976 bytes
--------------
System Devices
--------------
Name: PCI standard PCI-to-PCI bridge
Device ID: PCI\VEN_8086&DEV_29A1&SUBSYS_00000000&REV_02\3&172E68DD&0&08
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:44, 68224 bytes
Name: PCI standard host CPU bridge
Device ID: PCI\VEN_8086&DEV_29A0&SUBSYS_00000000&REV_02\3&172E68DD&0&00
Driver: n/a
Name: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_284B&SUBSYS_01DB1028&REV_02\3&172E68DD&0&D8
Driver: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys, 5.10.0001.5013 (English), 4/13/2008 17:36:05, 144384 bytes
Name: PCI standard PCI-to-PCI bridge
Device ID: PCI\VEN_8086&DEV_2847&SUBSYS_00000000&REV_02\3&172E68DD&0&E4
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:44, 68224 bytes
Name: PCI standard PCI-to-PCI bridge
Device ID: PCI\VEN_8086&DEV_283F&SUBSYS_00000000&REV_02\3&172E68DD&0&E0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:44, 68224 bytes
Name: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01DB1028&REV_02\3&172E68DD&0&FB
Driver: n/a
Name: Standard Enhanced PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_283A&SUBSYS_01DB1028&REV_02\3&172E68DD&0&D7
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5512 (English), 4/14/2008 01:11:54, 7168 bytes
Name: Standard Enhanced PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_2836&SUBSYS_01DB1028&REV_02\3&172E68DD&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5512 (English), 4/14/2008 01:11:54, 7168 bytes
Name: Standard Universal PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_2835&SUBSYS_01DB1028&REV_02\3&172E68DD&0&D1
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Standard Universal PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_2834&SUBSYS_01DB1028&REV_02\3&172E68DD&0&D0
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Standard Universal PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_2832&SUBSYS_01DB1028&REV_02\3&172E68DD&0&EA
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Standard Universal PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_2831&SUBSYS_01DB1028&REV_02\3&172E68DD&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Standard Universal PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_2830&SUBSYS_01DB1028&REV_02\3&172E68DD&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 01:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 19:45:37, 59520 bytes
Name: Intel(R) ICH8R/DO/DH SATA RAID Controller
Device ID: PCI\VEN_8086&DEV_2822&SUBSYS_01DB1028&REV_02\3&172E68DD&0&FA
Driver: C:\WINDOWS\system32\DRIVERS\iaStor.sys, 6.00.0000.1022 (English), 5/11/2006 17:30:52, 247808 bytes
Name: PCI standard ISA bridge
Device ID: PCI\VEN_8086&DEV_2812&SUBSYS_00000000&REV_02\3&172E68DD&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:41, 37248 bytes
Name: Intel(R) 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_F2\3&172E68DD&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 19:36:44, 68224 bytes
Name: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_01DB1028&REV_02\3&172E68DD&0&C8
Driver: n/a
Name: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_0292&SUBSYS_037010DE&REV_A1\4&F15FA5E&0&0008
Driver: n/a


----------



## Cookiegal (Aug 27, 2003)

The video and sound drivers were not installed. Remember I said when you reformat you will have to install all of the necessary drivers? Did you have them on a CD?


----------



## GIRLY1 (May 11, 2011)

I have the following DELL CD's

Dell E197FP LCD Monitor
Contents: HTML User Documentation, Drivers

Dell Photo All in One Printer 926
Contents: Dell All in One Center, Dell Picture Studio V3.0, User's guide

Dell Dimension Resource CD
Contents: Device Drivers, Diagnostics and Utilities

Operating System - Re-installation DVD
Microsoft Windows XP Media Center Version 2005 with Update Rollup 2

Other CD's

Audigy Advanced MB ( By Creative Technology)
integrated Sound Blaster Audigy Advanced HD Audio

I take it that I should use the DELL Dimension Resource CD for the drivers but not sure.
Also on the CD it says;
You must boot your computer from this CD to run the diagnostics, which may require changing your computer's boot sequence.

Or would it be easier to download drivers from DELL website and which ones?

Thanks


----------



## crjdriver (Jan 2, 2001)

Post the model # or the service tag # and I will see if I can find the drivers for you. When you do a windows install, it is done in this order;
1 Install the os
2 Update to latest service pack
3 Install chipset/mb drivers
4 Install sound, nic drivers
5 Install video driver
6 If all is well, then activate windows and make a backup image. Store the image on an external drive, NAS, network share, etc. If you ever need to clean install again, it takes all of 5min to restore the image with drivers and all. Done.


----------



## crjdriver (Jan 2, 2001)

I will be off for a while; errands and go to the gym. I will check this later in the day.


----------



## Cookiegal (Aug 27, 2003)

Thanks crj. :up:


----------



## GIRLY1 (May 11, 2011)

Model - DELL Dimension 9200
Service Tag - GBSZL2J

crjdriver, thank you


----------



## TerryNet (Mar 23, 2005)

Drivers for that service tag are here.


----------



## crjdriver (Jan 2, 2001)

Terry beat me to it. Install the drivers as outlined in post #341 above. Post back if you have any problems.


----------



## GIRLY1 (May 11, 2011)

Just to clarify, do I need to do number 3 in your list? Cookiegal advised that it was the video and sound drivers that need to be installed.
If I do need to do number 3, can you confirm that it is the following
Chipset(1) Intel Driver 

For number 4 in your list
Audio(2) Creative Labs - Driver

For number 5 in your list
Video(2) nVidia - Driver

Just want to make sure that I install the correct one as there are other downloads in the link TerryNet provided.
Thanks


----------



## Triple6 (Dec 26, 2002)

Yes, you should install the Chipset drivers as they will ensure proper operation for the system and all additional drivers may depend on the chipset drivers being installed.


----------



## GIRLY1 (May 11, 2011)

Ok. I did the following, as it was asking whether to Run or Save when clicking on the Download button.
Wasn't sure so I saved the following to C drive.

Chipset(1) 
File Title(s) - Intel Driver
Importance - High
Release Date - 6/27/2008
Version - 8.0.0.1009, A17

Audio(2)
File Title(s) - Creative Labs - Driver
Importance - Recommended
Release Date - 8/18/2006
Version - RC6, 44.1K A02

Video(2)
File Title(s) - nVidia - Driver
Importance - Optional
Release Date - 8/18/2006
Version - 84.40, A00

I then ran Chipset which loaded fine.
I then ran Audio Creative Labs Driver and I received the following 2 popup boxes.

No supported device found.

and then

Fatal Error
Setup is unable to initilaise the installation program. This installation will quit now.

I have not run the Video driver as yet.

Please advise. Thanks


----------



## crjdriver (Jan 2, 2001)

There are two different audio drivers depending on which one you have, i.e. Creative or SigmaTel. Which driver did you try to install?

Have you tried both?


----------



## GIRLY1 (May 11, 2011)

I have only tried the Creative Labs driver, because I have Creative speakers.



> There are two different audio drivers depending on which one you have


How can I tell which one I am meant to load?


----------



## TerryNet (Mar 23, 2005)

> How can I tell which one I am meant to load?


One way is trial and error. Try one and when it fails as above then try the other.


----------



## GIRLY1 (May 11, 2011)

OK, I have now downloaded, saved and run

Audio(2)
File Title(s) - SIGMATEL - Driver
Importance - Optional
Release Date - 10/05/2006
Version - 5.10.0.4991, A07

and also

Video(2)
File Title(s) - nVidia - Driver
Importance - Optional
Release Date - 8/18/2006
Version - 84.40, A00

I have restarted the PC and am no longer getting the Found New Hardware Wizard pop-up box every time it reboots.


Are there any other drivers I need to do, or does that mean everything with the drivers is now fine?

What is next that we do?


----------



## crjdriver (Jan 2, 2001)

Are there any yellow marks in device mgr? If you are unsure, then post a screenshot.
To post a screenshot:

1. Open device mgr
2. Hit the Prt Scr key
3. Open any viewer like paint, irfanview, etc
4. From the menu click edit>paste
5. Save the file as a jpeg
6. In your thread, hit the go advanced button
7. Click the manage attachments and point it at where you saved the file. Click upload and then submit.


----------



## GIRLY1 (May 11, 2011)

Please find attached screenshot of Device Manager.

Also I am getting the following ANIWZCS2 popup box, I have attached screenshot of that too.

I've had to zip them as file size was exceeded.


----------



## crjdriver (Jan 2, 2001)

You need to install your network driver. Download it from the dell site and install.


----------



## GIRLY1 (May 11, 2011)

Ok, wasn't sure out of the 2 which driver to download and install so I have installed the following network driver;

Network(2)
File Title(s) - Intel - Driver
Importance - Recommended
Release Date - 12/10/2007
Version - 9.10.8.0, A04

Loaded fine and have attached new device manager screenshot.


----------



## crjdriver (Jan 2, 2001)

That should do it; looks good. Is everything working now?


----------



## GIRLY1 (May 11, 2011)

I'm not getting any more popup screens or errors at the moment, will keep an eye on it.

What's next that needs doing or will Cookiegal advise?

Thanks for all your assistance :up:


----------



## crjdriver (Jan 2, 2001)

I would say install some type of AV software; however, I just do hardware stuff. The malware is above my pay grade.


----------



## Cookiegal (Aug 27, 2003)

From my perspective you should be fine now but those who advised you know more about those things than I do......(that's why I beckoned them for their assistance). Thanks to all who assisted. :up:


----------



## Cookiegal (Aug 27, 2003)

crjdriver said:


> I would say install some type of AV software; however, I just do hardware stuff. The malware is above my pay grade.


I just saw your post after submitting mine. I believe that's already been done but GIRLY1 will confirm. 

I'll see that you get a bonus in your next envelope.


----------



## GIRLY1 (May 11, 2011)

Yes, currently I have Avira loaded but will load NIS once we have completed everything.

Should I download Adobe Flash Player and Adobe Reader? Also, is there anything else I should download?
Also I have Microsoft Office Professional Plus 2010 which I would like to load, is it ok to load that now?

Thanks


----------



## Cookiegal (Aug 27, 2003)

Yes, you can reinstall programs such as:

Adobe Flash
http://get.adobe.com/flashplayer/otherversions/

Adobe Reader
http://get.adobe.com/reader/

In both cases, uncheck whatever else is offered with it before downloading (it could be the Google Toolbar or something else as they are not needed and only contribute to unnecessary clutter taking up space on the hard drive).

Also, install the latest version of Java:

1. Download the latest version of *Java Runtime Environment (JRE) 6 Update 26*.
2. You will see four options, Java, JavaFX, NetBeans and Java EE. Under the first one (Java) you will see two links, JDK and JRE. Click on the JRE link.
3. Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6u26 with JavaFX License Agreement.*".
4. Click on *Continue*.
5. Click on the link to download Windows Offline Installation (*jre-6u26-windows-i586.exe*) and save it to your desktop. *Do NOT use the Sun Download Manager.*
6. Close any programs you may have running - especially your web browser.
7. Then from your desktop double-click on the download to install the newest version of Java.

Then I suggest that you run Secunia periodically to make sure you always have the latest version of the software you're running as this is very important so you don't get infected again. Often infections come through vulnerabilities in the operating system itself and the browser (therefore keep up with Windows updates for the OS and Internet Explorer and updates for any other browser you may be using), Adobe Flash and Reader and Java as well as many other programs.

I also recommend that you install MalwareBytes which we used during this clean up and update it and run it regularly as an on-demand scanner.

http://thespykiller.co.uk/downloads/mbam-setup.exe

When you have everything installed, please post a new HijackThis log so I can see what you have running at start-up. If there are things that are not necessary we can remove them from startup.

It also wouldn't hurt to add another 512 of RAM to each of the PCs to enhance performance. That just might fix the flash issue on PC2.


----------



## Cookiegal (Aug 27, 2003)

P.S. Before uninstalling Avira be sure to exit the program so it's not running first and then after uninstalling it reboot the PC before installing NIS. A reboot will generally ensure a complete uninstall of all components.


----------



## GIRLY1 (May 11, 2011)

*PC3*

Loaded programs.
Please find attached HijackThis log for

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:28:16, on 04/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6366 bytes

I have also installed MalwareBytes and ran a full scan on all drives. Pasted below is the log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 7018
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/07/2011 14:23:38
mbam-log-2011-07-04 (14-23-38).txt
Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 191611
Time elapsed: 26 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Also during running MalwareBytes, NIS advised of the attached trojan. Do I need to do anything to this?

Thanks
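Added example, not part of the original thread: a Python parser that pulls the start-up entries (O4 Run keys and O23 services) out of a HijackThis log like the one in this post and lists the ones a helper would look at first. The function names and the two review rules are this example's own assumptions; the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4 = registry Run/RunOnce values, O23 = Windows services.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) \((?P<svc>[^)]+)\) - "
                    r"(?P<vendor>.+?) - (?P<cmd>[A-Za-z]:\\.+)$")
# Program image: everything up to the first executable-style extension.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def image_of(cmd):
    """Return the program a start-up command launches, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\app.exe" /args
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)                      # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split()[0]


def parse_autostarts(log_text):
    """Turn O4 and O23 lines into dicts; every other log line is ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append({"type": "run-key", "where": m["key"], "name": m["name"],
                            "image": image_of(m["cmd"]), "command": m["cmd"]})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({"type": "service", "where": m["svc"], "name": m["name"],
                            "vendor": m["vendor"], "image": image_of(m["cmd"]),
                            "command": m["cmd"]})
    return entries


def review_points(entries):
    """Return (name, reason) pairs worth checking by hand (assumed rules)."""
    notes = []
    for e in entries:
        if not ABS_PATH_RE.match(e["image"]):
            notes.append((e["name"], "no full path: resolved via the Windows search path"))
        if e["where"].endswith("RunOnce"):
            notes.append((e["name"], "RunOnce: one-shot entry, removed after it runs"))
    return notes


if __name__ == "__main__":
    for name, reason in review_points(parse_autostarts(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An entry flagged here is not a detection; on this log both path-less entries are the audio and video driver helpers, and the flag only means the reviewer should confirm which file on disk the bare name resolves to.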


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I can't open the attachment because I'm running an older version of Word (2003). Can you please save it again using the compatibility mode to save it in .doc format and upload that file?


----------



## GIRLY1 (May 11, 2011)

Sorry about that


----------



## Cookiegal (Aug 27, 2003)

It looks like a false positive where NIS is detecting MalwareBytes in the system restore files. But to be sure, please click on "more details" to give me the entire path to the file that was found please.


----------



## GIRLY1 (May 11, 2011)

Here you go


----------



## Cookiegal (Aug 27, 2003)

It looks like my suspicions are correct. Trojan.ADH is a heuristic detection and these are often false positives.

I'd like to know if NIS deleted the file or quarantined it so we can test it. Can you find that out? I'm not familiar with NIS to know where the quarantined files are but can find out if you don't know.


----------



## GIRLY1 (May 11, 2011)

God you are brave, anything that's been quarantined I would leave well alone and would not touch it with a barge pole.
This is what I have found about quarantine but not sure if it is the right thing.


----------



## Cookiegal (Aug 27, 2003)

Actually, I don't analyze files and didn't mean for you to attach it but I've asked a colleague (who is brave) to grab it for testing and then I'll delete it.


----------



## GIRLY1 (May 11, 2011)

This is not the actual file but more as to how one can retrieve it.


----------



## Cookiegal (Aug 27, 2003)

Please do not zip your attachments unless the file is too large and it's necessary.


----------



## Cookiegal (Aug 27, 2003)

OK. I just want to know if the file is there in quarantine or if NIS deleted it completely please.


----------



## GIRLY1 (May 11, 2011)

I cannot find anywhere where it advises if it is deleted or not, just removed. 

The only way to get the virus back is to restore it. On reading up on this it advises that, Restoring a quarantined item can put your system at risk.

I can send an email to NIS support and ask them if it gets deleted or not. Or if any of the experts @ Tech Support are familiar with NIS maybe they know. 

Let me know if you would like me to contact NIS Support.
Thanks


----------



## Cookiegal (Aug 27, 2003)

I know it said it "removed" it but I don't know if that means it was completely deleted or sent to quarantine.

You should be able to view what has been quarantined (there is no risk if it's not restored). I found some instructions that hopefully will match the version of NIS that you have.

Open "Norton Internet Security" and click on the "History" link to open the "Security History" window. Then select "Quarantine" in the list box "View" to show the quarantined files. Click on them and select "More Details" on the right side. Then under "Advanced Details" click on "Risk Details" and select "Details" to find the file name and the original location.


----------



## GIRLY1 (May 11, 2011)

I am unable to do the following of your instructions as there are no tabs further than 'More Details'.



> Then under "Advanced Details" click on "Risk Details" and select "Details" to find the file name and the original location.


I have attached a screenshot of the furthest I can drill down.
Under the 'Show' drop down list there is only the 'File Actions' option, in anticipation of you asking.
Under Options Tab, I have attached second screenshot.
I hope it helps, let me know if there is anything you would like.


----------



## Cookiegal (Aug 27, 2003)

OK, it looks like it is in quarantine.

Try to do another scan with MBAM and let me know if NIS detects anything this time.


----------



## GIRLY1 (May 11, 2011)

OK, reran MBAM, results pasted below

NIS did not detect anything this time whilst MBAM was running.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 7018
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09/07/2011 20:43:56
mbam-log-2011-07-09 (20-43-56).txt
Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 185130
Time elapsed: 26 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

I believe the detection was a false positive. The system was reformatted and it was only the second restore point created. Unless you're visiting dubious sites with it, there is no reason that it would be infected. But you can submit the file to Symantec for verification through the NIS program.

If you don't want to do that then just turn off system restore to flush any restore points and turn it back on again (even though it has already been removed by NIS).


----------



## GIRLY1 (May 11, 2011)

I have created a new restore point.


----------



## Cookiegal (Aug 27, 2003)

Did you turn system restore off first to flush the restore points out before setting a restore point?

Did you submit the file to Symantec for analysis?


----------



## GIRLY1 (May 11, 2011)

> Did you turn system restore off first to flush the restore points out before setting a restore point?


Yes



> Did you submit the file to Symantec for analysis?


No


----------



## Cookiegal (Aug 27, 2003)

So is everything fine now?


----------



## GIRLY1 (May 11, 2011)

All seems o.k. at the moment :up:  :up: Cookiegal. Have been keeping an eye on it. 

Are there any other programme(s) that I need to load? Or anything you want me to do?


----------



## Cookiegal (Aug 27, 2003)

You should be good to go now.

But I do recommend running Secunia periodically to make sure you keep your programs and the operating system up to date, which is very important for security reasons. The main programs that vulnerabilities are often found in and then patched by critical updates so they don't get exploited are: the operating system itself (MS Windows XP and Internet Explorer), MS Office, Adobe (Reader and Flash) as well as Sun Java. But it's always good practice to keep all programs updated with the latest versions available.


----------

