# computer freezes randomly - not sure why?



## cjj123 (Sep 23, 2010)

Hi,

My computer has started freezing at random times, sometimes 10 mins, sometimes 2 hours, sometimes never?

My OS is Windows XP. I am running Malwarebytes and avast but so far have found no virus/malware problems.

I'm therefore not sure if this is a software, malware or hardware problem and would be grateful if you could please help me try to narrow down what is wrong with my pc.

I have so far thoroughly cleaned the inside of the pc to reduce the temperature but this has had no effect, it still freezes.

Much appreciated and Many thanks for any help,
Chris


----------



## MMM (Sep 26, 2010)

It could be your memory failing, try some other ram sticks.


----------



## cjj123 (Oct 11, 2010)

Hi MMM,

Thanks for looking at my problem,

I have replaced the RAM sticks and it seemed to work at first (no freezes for the first 5 hours) but now it still keeps freezing randomly, e.g. working in Excel, updating iTunes etc.

Any other ideas what could be causing this? Is this likely to be a software or hardware problem?

Thanks for all your help and suggestions,
chris


----------



## lubo4444 (Oct 11, 2010)

Power supply can cause freezes too. If you have a spare one that you can try, then you will know for sure. Also, it's possible that it's your hard drive. You can give it a diagnostic test, I think it was, to see if you have problems with it. (I'm not exactly sure about it though.)


----------



## The Egyptian (Oct 11, 2010)

*Use HijackThis and post the report in your next reply.*


----------



## Broni (Oct 12, 2010)

Download, and install *SpeedFan*: http://www.almico.com/sfdownload.php
Post your computer temperatures.

Provide processor info (hold Windows logo key, and hit Pause/Break key to find out).


----------



## cjj123 (Oct 17, 2010)

Hi,

Thanks for the replies. Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:05, on 17/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
E:\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\myiHome\app\myiHome-server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: myiHome Server.lnk = E:\myiHome\app\myiHome-server.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - e:\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - e:\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe

--
End of file - 9388 bytes

Cheers,
chris


----------



## cjj123 (Oct 17, 2010)

I haven't got a spare Power Supply and don't really want to try and install a new one unless this is the only option left.

Here are my computer processor spec and temperatures from SpeedFan:

Pentium 4 CPU 3.00Ghz
2.00Gb of RAM

Speedfan temperatures:

GPU 50C
Temp1 minus 48C
Temp2 minus 48C
Temp3 minus 48C
HD0  30C
CPU 44C
SYS 31C
PWM2 32C
PWM1 32C

Fan1 0RPM
Fan2 0RPM
Fan3 0RPM
CPU  2160RPM
NB   3420RPM
SYS  1920RPM
AUX1  0RPM
AUX2  0RPM

CPU Usage - between 15 - 26%

Thanks,
Chris


----------



## TFT (Oct 17, 2010)

You only have minor issues in your log that won't be the cause of it freezing, so it boils down to software, drivers or hardware. Also, your temps are fine.

I know you said there is no pattern to this but is there something common to when it happens? Do you have any background program running that may have an issue with another program, maybe keep to one program running at any one time. It could be poorly coded drivers that are OK on their own but conflict with another program.

Have you downloaded anything lately? 
Can you restore to an earlier time?


----------
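HijackThis itself marks some entries in the log posted above with `(no file)`, `(file missing)` or `Unknown owner`, and those are the lines a reviewer usually reads first. The script below is an added example, not part of the original thread, that pulls them out of a log; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Excerpt of entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review(log_text):
    """Return (section_code, reason, body) for entries HijackThis marked."""
    findings = []
    for code, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            # The registry entry exists but no file is registered behind it.
            findings.append((code, "orphaned entry, no file behind it", body))
        elif body.endswith("(file missing)"):
            findings.append((code, "referenced file is missing", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Other services in the log show a vendor name in this position.
            findings.append((code, "service has no vendor name listed", body))
    return findings


def section_counts(log_text):
    """Count entries per section code, useful as a quick overview."""
    return Counter(code for code, _ in parse_entries(log_text))


if __name__ == "__main__":
    for code, reason, body in review(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
    print(dict(section_counts(SAMPLE_LOG)))
```

A marked entry is a prompt to look at the file or registry key, not a verdict on it.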



## Broni (Oct 17, 2010)

> CPU Usage - between 15 - 26%



Download *Process Explorer*: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip *ProcessExplorer.zip*, and double click on *procexp.exe* to run the program.
Click on *View > Select Columns*.
In addition to already pre-selected options, make sure the *Command Line* is selected, and press OK.
Go to *File > Save As*, and save the report as *Procexp.txt*.
Attach the file to your next reply.


----------



## cjj123 (Oct 17, 2010)

Hi,

I have attached the Procexp.txt report as recommended.

This freezing started to first happen when performing a lot of downloading from the internet and streaming video but now just happens randomly, e.g. when working in Excel.

It has been gradually getting worse and worse for a while now so don't think I can go back to a particular date. 

It also started to first happen when I got a new webcam and mouse but I have since uninstalled these drivers and it still freezes so I thought it was coincidental.

Thanks,
chris


----------



## Broni (Oct 17, 2010)

I suspect your computer may be infected...

Please, download *DDS* from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present).
* Double click the *dds icon* to run the tool.
* When done, DDS will open two logs:
  1. *DDS.txt*
  2. *Attach.txt*
* Save both reports to your desktop by clicking *File > Save As* in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post *Attach.txt* as an attachment. No need for that though ..... just post its contents as you would any other log.


----------



## cjj123 (Oct 18, 2010)

Thanks Broni for your help looking into this. Here are the 2 reports:

*Attach.txt*


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16/04/2005 18:33:48
System Uptime: 18/10/2010 23:03:26 (0 hours ago)

Motherboard: http://www.abit.com.tw/ |  | AG8 (Intel Grantsdale-ICH6R)
Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3200/213mhz
Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3200/213mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 9.771 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 114 GiB total, 58.281 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1015: 06/09/2010 19:54:41 - Software Distribution Service 3.0
RP1016: 07/09/2010 00:51:17 - Installed Keyboard Driver
RP1017: 07/09/2010 03:00:17 - Software Distribution Service 3.0
RP1018: 07/09/2010 20:05:32 - Configured Keyboard Driver
RP1019: 08/09/2010 01:10:56 - Software Distribution Service 3.0
RP1020: 08/09/2010 08:07:53 - Software Distribution Service 3.0
RP1021: 08/09/2010 23:28:49 - Software Distribution Service 3.0
RP1022: 09/09/2010 19:49:54 - Software Distribution Service 3.0
RP1023: 11/09/2010 12:01:28 - Software Distribution Service 3.0
RP1024: 12/09/2010 18:11:32 - System Checkpoint
RP1025: 14/09/2010 20:21:20 - Software Distribution Service 3.0
RP1026: 22/09/2010 08:11:03 - Software Distribution Service 3.0
RP1027: 22/09/2010 08:18:08 - Software Distribution Service 3.0
RP1028: 23/09/2010 23:13:54 - System Checkpoint
RP1029: 24/09/2010 03:00:19 - Software Distribution Service 3.0
RP1030: 25/09/2010 00:33:29 - Software Distribution Service 3.0
RP1031: 28/09/2010 18:37:23 - Software Distribution Service 3.0
RP1032: 28/09/2010 22:37:10 - Software Distribution Service 3.0
RP1033: 01/10/2010 03:00:17 - Software Distribution Service 3.0
RP1034: 01/10/2010 08:18:36 - Software Distribution Service 3.0
RP1035: 02/10/2010 00:45:29 - Software Distribution Service 3.0
RP1036: 02/10/2010 20:52:06 - Software Distribution Service 3.0
RP1037: 03/10/2010 12:38:20 - Software Distribution Service 3.0
RP1038: 03/10/2010 21:16:51 - Software Distribution Service 3.0
RP1039: 04/10/2010 23:23:22 - Software Distribution Service 3.0
RP1040: 05/10/2010 08:24:58 - Software Distribution Service 3.0
RP1041: 09/10/2010 10:43:10 - Software Distribution Service 3.0
RP1042: 09/10/2010 17:36:07 - Software Distribution Service 3.0
RP1043: 10/10/2010 10:56:52 - Software Distribution Service 3.0
RP1044: 10/10/2010 23:38:47 - Software Distribution Service 3.0
RP1045: 11/10/2010 08:06:14 - Software Distribution Service 3.0
RP1046: 16/10/2010 13:54:04 - Software Distribution Service 3.0
RP1047: 17/10/2010 20:58:12 - Software Distribution Service 3.0
RP1048: 18/10/2010 23:05:42 - Software Distribution Service 3.0

==== Installed Programs ======================

3DMark03
7-Zip 4.65
ABIT uGuru
Adobe Flash Player 10 Plugin
Adobe Premiere Pro 1.5
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Free Antivirus
Avidemux 2.5
Bonjour
BroadJump Client Foundation
Canon PhotoRecord
Canon PIXMA iP3000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CD-LabelPrint
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy-WebPrint
Final Draft 7
Football Manager 2005
Google Earth
GrabIt 1.7.2 Beta 4 (build 997)
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hyper-Threading Technology Test Utility
Intel(R) Processor ID Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Left 4 Dead
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
myiHome v5.1.3
Nero OEM
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
QuickPar 0.9
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Retrospect Express HD 1.0
Rhapsody Player Engine
SAGEM F@st 800-840
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE)
Sky Broadband
Sky Broadband Browser Branding
SMART Board Software
SMART Essentials for Educators
Smart Menus (Windows Live Toolbar)
SpeedFan (remove only)
Spotify
Steam
Subtitle Workshop 2.51
TMPGEnc DVD Author 1.6
U.S. Robotics V.92 PCI Modem
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VLC media player 0.9.8a
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

16/10/2010 10:07:14, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  The specified module could not be found.
16/10/2010 10:07:14, error: Service Control Manager [7023]  - The Human Interface Device Access service terminated with the following error:  The specified module could not be found.
16/10/2010 10:07:14, error: Service Control Manager [7000]  - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:  The system cannot find the file specified.
12/10/2010 23:38:17, error: ipnathlp [30005]  - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
11/10/2010 08:06:18, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Flash Player (KB923789).

==== End Of File ===========================


*DDS.txt*


DDS (Ver_10-10-10.03) - NTFSx86  
Run by Chris at 23:24:56.48 on 18/10/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2047.1335 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
E:\iTunesHelper.exe
E:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\myiHome\app\myiHome-server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RetroExpress] c:\progra~1\dantz\retros~1\RetroExpress.exe /h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "E:\iTunesHelper.exe"
mRun: [GuruClock] c:\program files\abit\abit uguru\GuruClock.exe
mRun: [GrooveMonitor] "e:\microsoft office\office12\GrooveMonitor.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ABIT uGuru] c:\program files\abit\abit uguru\uGuru.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - e:\myihome\app\myiHome-server.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - e:\micros~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\comb5egf.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: e:\adobe\acrobat 6.0\reader\browser\nppdf32.dll
FF - plugin: e:\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2005-4-18 10752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-7 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-7 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]

=============== Created Last 30 ================


==================== Find3M  ====================

2010-09-07 20:51:59	232968	----a-w-	c:\windows\system32\nvdrsdb0.bin
2010-09-07 20:51:59	1	----a-w-	c:\windows\system32\nvdrssel.bin
2010-09-07 20:51:57	232968	----a-w-	c:\windows\system32\nvdrsdb1.bin
2010-09-07 15:12:17	38848	----a-w-	c:\windows\avastSS.scr
2010-08-10 04:15:58	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-07-27 17:44:10	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-07-27 17:44:10	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2010-07-27 17:44:10	197920	----a-w-	c:\windows\system32\dnssdX.dll
2010-07-27 17:44:10	107808	----a-w-	c:\windows\system32\dns-sd.exe

============= FINISH: 23:25:43.89 ===============


----------



## cjj123 (Nov 1, 2010)

Hi,

I was just wondering if anyone had any idea why my pc is freezing randomly. Is my computer infected?


----------



## Broni (Nov 2, 2010)

Somehow, an email notification missed me.
Sorry for that.
I'll take a look at your logs right now.


----------



## Broni (Nov 2, 2010)

*STEP 1.* Download *Malwarebytes' Anti-Malware* (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
_(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is *not* necessary for our purposes)_

    * Double-click *mbam-setup.exe* and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select *Perform Quick Scan*, then click *Scan*.
    * When the scan is complete, click OK, then *Show Results* to view the results.
    * Be sure that everything is checked, and click *Remove Selected*.
    * When completed, a log will open in Notepad.
    * *Post the log back here*.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*log-date.txt*
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\*log-date.txt*


*STEP 2.* Download *GMER*: http://www.gmer.net/files.php, by clicking on *Download EXE* button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded *.exe* file, select *Rootkit* tab and click the *Scan* button.
Do NOT use the computer while GMER is running!
When scan is completed, click *Save* button, and save the results as *gmer.log*
*Warning! Please, do not select the "Show all" checkbox during the scan.*
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


*STEP 3.* Download MBRCheck to your desktop.

Double click *MBRCheck.exe* to run (Vista and Windows 7 users, right click and select *Run as Administrator*).
It will show a black screen with some data on it.
A report called *MBRcheckxxxx.txt* will be on your desktop.
Open this report and post its content in your next reply.



*DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!*


----------



## cjj123 (Nov 6, 2010)

Thanks for responding. Here are the 2 logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5059

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

06/11/2010 11:56:38
mbam-log-2010-11-06 (11-56-38).txt

Scan type: Quick scan
Objects scanned: 152605
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER

GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 18:31:29
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722516VLSA80 V34OA6MA
Running: hq45xnze.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwClose [0xB4108CF0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateKey [0xB4108BAC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwDeleteKey [0xB4109160]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwDeleteValueKey [0xB410908A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwDuplicateObject [0xB4108782]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwOpenKey [0xB4108C86]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwOpenProcess [0xB41086C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwOpenThread [0xB4108726]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwQueryValueKey [0xB4108DA6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwRenameKey [0xB410922E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwRestoreKey [0xB4108D66]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwSetValueKey [0xB4108EE6]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateProcessEx [0xB4115BAE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateSection [0xB41159D2]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwLoadDriver [0xB4115B0C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                     80582EA6 7 Bytes  JMP B4115B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!NtCreateSection                                                                                  805A9E9E 7 Bytes  JMP B41159D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                            805BAF9A 5 Bytes  JMP B41115D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                   805C18D0 5 Bytes  JMP B4112FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                805CFA2E 7 Bytes  JMP B4115BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                      section is writeable [0xB69DF3A0, 0x59FFE5, 0xE8000020]
init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                                      entry point in "init" section [0xB6686900]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1944] kernel32.dll!SetUnhandledExceptionFilter            7C8447ED 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00390002
IAT             C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        00390000

---- Devices - GMER 1.0.15 ----

Device                                                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)
Device                                                                                                                        Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                                                                                                        Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device                                                                                                                        Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                    
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                            0xA2 0x29 0xAA 0x9B ...

---- EOF - GMER 1.0.15 ----

Thanks,
Chris


----------



## Broni (Nov 6, 2010)

Those look good.

I still need MBRCheck log.


----------



## cjj123 (Nov 9, 2010)

Sorry missed the 3rd test:

Here is the log for MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 2 (build 2600)
Logical Drives Mask:		0x0000007d

Kernel Drivers (total 142):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E2000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB7F79000 ACPI.sys
  0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB7F68000 pci.sys
  0xB80A8000 isapnp.sys
  0xB80B8000 ohci1394.sys
  0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB85AC000 intelide.sys
  0xB80D8000 MountMgr.sys
  0xB7F49000 ftdisk.sys
  0xB85AE000 dmload.sys
  0xB7F23000 dmio.sys
  0xB8330000 PartMgr.sys
  0xB80E8000 VolSnap.sys
  0xB7F0B000 atapi.sys
  0xB80F8000 disk.sys
  0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB7EEB000 fltMgr.sys
  0xB7ED9000 sr.sys
  0xB8118000 PxHelp20.sys
  0xB7EC2000 KSecDD.sys
  0xB8671000 Winflash.sys
  0xB7E35000 Ntfs.sys
  0xB7E08000 NDIS.sys
  0xB8338000 uGuru.sys
  0xB85B0000 speedfan.sys
  0xB8128000 sbp2port.sys
  0xB7DED000 Mup.sys
  0xB8672000 giveio.sys
  0xB8158000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB68DE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB68CA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB8400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB68A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB8408000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB6887000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
  0xB738B000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xB6854000 \SystemRoot\system32\DRIVERS\USR_BSC2.sys
  0xB6831000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB6732000 \SystemRoot\system32\DRIVERS\USR_MDM.sys
  0xB668A000 \SystemRoot\system32\DRIVERS\HSF_USR.sys
  0xB8410000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB6645000 \SystemRoot\system32\DRIVERS\WG311v3XP.sys
  0xB65B1000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xB658D000 \SystemRoot\system32\drivers\portcls.sys
  0xB737B000 \SystemRoot\system32\drivers\drmk.sys
  0xB652B000 \SystemRoot\system32\drivers\ALCXSENS.SYS
  0xB8418000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB736B000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB8574000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB6517000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB735B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB8420000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB734B000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB733B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB732B000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB8428000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0xB87A5000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB731B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB857C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB6500000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB730B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB72FB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB8430000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB64EF000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB8168000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8438000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8440000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB6496000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xB8178000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB8448000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB85DE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB643D000 \SystemRoot\system32\DRIVERS\update.sys
  0xB8598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8188000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB85E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB8460000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xB85EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB86C2000 \SystemRoot\System32\Drivers\Null.SYS
  0xB85EC000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB8470000 \SystemRoot\System32\drivers\vga.sys
  0xB85EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB85F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB8478000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB8480000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB8544000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB41D6000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB417E000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB8218000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0xB415D000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB410D000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB40EB000 \SystemRoot\System32\drivers\afd.sys
  0xB8228000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB40C0000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB4051000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB8238000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB402A000 \SystemRoot\System32\Drivers\aswSP.SYS
  0xB8498000 \SystemRoot\System32\Drivers\Aavmker4.SYS
  0xB84A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xB856C000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB8258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB84A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB8278000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xB84B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xB64E7000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB3212000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xB8308000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB31FA000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB8618000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB6408000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB8368000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB86EC000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB2FF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0xB2F8E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB2D63000 \SystemRoot\System32\Drivers\aswMon2.SYS
  0xB2B7F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB8626000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB2CE7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB2A38000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB2E32000 \SystemRoot\system32\DRIVERS\secdrv.sys
  0xB83B0000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0xB263B000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB81A8000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB864A000 \SystemRoot\system32\drivers\splitter.sys
  0xB2618000 \SystemRoot\system32\drivers\aec.sys
  0xB26D8000 \SystemRoot\system32\drivers\swmidi.sys
  0xB26C8000 \SystemRoot\system32\drivers\DMusic.sys
  0xB25ED000 \SystemRoot\system32\drivers\kmixer.sys
  0xB8761000 \SystemRoot\system32\drivers\drmkaud.sys
  0xB25AC000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
       0 System Idle Process
       4 System
     796 C:\WINDOWS\system32\smss.exe
     848 csrss.exe
     872 C:\WINDOWS\system32\winlogon.exe
     916 C:\WINDOWS\system32\services.exe
     928 C:\WINDOWS\system32\lsass.exe
    1096 C:\WINDOWS\system32\nvsvc32.exe
    1168 C:\WINDOWS\system32\svchost.exe
    1236 svchost.exe
    1380 C:\WINDOWS\system32\svchost.exe
    1484 svchost.exe
    1640 svchost.exe
    1928 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     332 C:\WINDOWS\system32\spoolsv.exe
     828 svchost.exe
     120 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1076 C:\Program Files\Bonjour\mDNSResponder.exe
    1200 C:\WINDOWS\system32\cisvc.exe
    1304 C:\Program Files\Java\jre6\bin\jqs.exe
    1804 C:\Program Files\SMART Board Software\SMARTBoardService.exe
    1844 C:\WINDOWS\system32\svchost.exe
    1656 wdfmgr.exe
     412 C:\WINDOWS\system32\svchost.exe
    1516 alg.exe
    2912 C:\WINDOWS\system32\cidaemon.exe
    4076 C:\WINDOWS\system32\wscntfy.exe
     276 C:\WINDOWS\explorer.exe
    2160 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2172 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2216 C:\WINDOWS\SOUNDMAN.EXE
    2504 C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    2548 E:\iTunesHelper.exe
    2612 C:\WINDOWS\system32\svchost.exe
    2924 C:\WINDOWS\system32\wuauclt.exe
    3032 E:\Microsoft Office\Office12\GrooveMonitor.exe
    1796 C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    3068 C:\Program Files\BroadJump\Client Foundation\CFD.exe
    3076 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3156 C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    3220 C:\WINDOWS\system32\rundll32.exe
    3264 C:\WINDOWS\system32\ctfmon.exe
    3392 C:\Program Files\iPod\bin\iPodService.exe
    3548 E:\myiHome\app\myiHome-server.exe
    2264 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2300 wmiprvse.exe
    2444 C:\Program Files\Mozilla Firefox\firefox.exe
    1216 C:\PROGRA~1\Dantz\RETROS~1\Retrospect.exe
    3404 C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    2852 C:\Documents and Settings\Chris\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400  (NTFS)

PhysicalDrive0 Model Number: HDS722516VLSA80, Rev: V34OA6MA

      Size  Device Name          MBR Status
  --------------------------------------------
    153 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Thanks,
Chris


----------



## Broni (Nov 9, 2010)

Looks good 

Please download ComboFix from *Here* or *Here* to your Desktop.

***Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***


Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_.
_Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask._

*NOTE 1.* If Combofix asks you to install *Recovery Console*, please allow it.
*NOTE 2.* If Combofix asks you to update the program, always do so.

Close any open browsers.
*WARNING: Combofix will disconnect your machine from the Internet as soon as it starts*
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on *combofix.exe* & follow the prompts.
When finished, it will produce a report for you.  
Please post the *"C:\ComboFix.txt"*

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall***

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following:

1. Run Combofix from *Safe Mode*.

2. Delete the Combofix file, download a fresh one, but rename *combofix.exe* to *your_name.exe* *BEFORE* saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named *Rkill* _(*courtesy of BleepingComputer.com*)_ which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose *Run as Administrator*

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

*Rkill.com*
*Rkill.scr*
*Rkill.pif*
*Rkill.exe*



Double-click on the Rkill desktop icon to run the tool.
_If using Vista or Windows 7 right-click on it and choose Run As Administrator_.
A *black DOS box* will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in *Link 2*.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.


Once you've gotten one of them to run, *immediately* run *your_name.exe* by double clicking on it.

If *normal mode* still doesn't work, run BOTH tools from *safe mode*.

In case #2, please post BOTH logs, *rKill* and *Combofix*.

*DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!*


----------



## cjj123 (Nov 9, 2010)

Thanks for the quick reply Broni, Combofix worked, here is its log:


ComboFix 10-11-07.A2 - Chris 09/11/2010   1:14.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2047.1543 [GMT 0:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris\Application Data\inst.exe
c:\windows\system32\4162471361.dat
c:\windows\system32\drivers\hwdrv.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


(((((((((((((((((((((((((   Files Created from 2010-10-09 to 2010-11-09  )))))))))))))))))))))))))))))))
.

2010-10-23 09:23 . 2010-10-23 09:23	--------	d-----w-	c:\documents and settings\Chris\Application Data\Amazon

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:12 . 2010-08-09 23:51	38848	----a-w-	c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-08-06 23:55	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-08-06 23:56	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-08-06 23:56	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-08-06 23:56	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-08-06 23:56	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-08-06 23:56	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-08-06 23:56	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-08-06 23:56	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-08-12 18:52 . 2008-09-21 19:59	47360	-c--a-w-	c:\documents and settings\Chris\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 66048]
"RetroExpress"="c:\progra~1\Dantz\RETROS~1\RetroExpress.exe" [2004-07-30 6946816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="E:\iTunesHelper.exe" [2010-09-01 421160]
"GuruClock"="c:\program files\ABIT\ABIT uGuru\GuruClock.exe" [2004-11-08 4489302]
"GrooveMonitor"="e:\microsoft office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ABIT uGuru"="c:\program files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 1695827]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
myiHome Server.lnk - e:\myihome\app\myiHome-server.exe [2009-1-9 10583256]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\myiHome\\app\\myiHome-server.exe"=
"e:\\Spotify\\spotify.exe"=
"e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dantz\\Retrospect Express HD\\RetroExpress.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8066:UDP"= 8066:UDP:NZB

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [18/04/2005 17:44 10752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/08/2009 23:56 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/08/2009 23:56 17744]

--- Other Services/Drivers In Memory ---

*Deregistered* - Winflash
.
Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2010-11-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\comb5egf.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPinfotl.dll
FF - plugin: e:\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 01:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a2,29,aa,9b,08,91,64,ca,bb,11,f6,2d,0d,2b,cc,82,3b,a5,1f,1a,75,
   9c,3b,e4,90,10,b3,da,8a,89,8b,51,60,db,01,54,cc,4d,19,dc,ae,89,f2,98,59,82,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a2,29,aa,9b,08,91,64,ca,bb,11,f6,2d,0d,2b,cc,82,3b,a5,1f,1a,75,
   9c,3b,e4,90,10,b3,da,8a,89,8b,51,60,db,01,54,cc,4d,19,dc,ae,89,f2,98,59,82,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3196)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\Dantz\RETROS~1\retrospect.exe
c:\progra~1\Dantz\RETROS~1\retrorun.exe
.
**************************************************************************
.
Completion time: 2010-11-09  01:25:40 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-09 01:25
ComboFix2.txt  2009-06-07 18:44

Pre-Run: 10,780,250,112 bytes free
Post-Run: 10,787,446,784 bytes free

- - End Of File - - 4100C2E573B5488D88807D730964559A


Thanks,
Chris


----------



## Broni (Nov 9, 2010)

It looks clean now 

How is the computer doing at the moment?

Download *OTL* to your Desktop.



Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the *Custom Scan* box paste this in:


*
netsvcs
drivers32 
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.* 
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
*



Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: *OTL.txt* and *Extras.txt*. These are saved in the same location as OTL.
Please copy (*Edit->Select All, Edit->Copy*) the contents of these files, one at a time, and post them back here.


----------



## cjj123 (Nov 9, 2010)

I had 2 freezes last night but haven't had any since running combofix so fingers crossed. Here are the 2 OTL reports: 

OTL.txt

OTL logfile created on: 09/11/2010 22:52:13 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 9.99 Gb Free Space | 25.58% Space Free | Partition Type: NTFS
Drive E: | 114.32 Gb Total Space | 64.30 Gb Free Space | 56.25% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 14.92 Gb Total Space | 11.34 Gb Free Space | 76.03% Space Free | Partition Type: FAT32

Computer Name: CJ | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 22:50:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/01 07:32:00 | 000,421,160 | ---- | M] (Apple Inc.) -- E:\iTunesHelper.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/23 11:26:22 | 010,583,256 | ---- | M] () -- E:\myiHome\app\myiHome-server.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/10 07:09:04 | 000,958,464 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Board Software\SMARTBoardService.exe
PRC - [2004/09/13 12:37:38 | 001,695,827 | ---- | M] (ABIT Computer Corporation) -- C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
PRC - [2004/08/13 16:42:36 | 000,229,376 | ---- | M] (ABIT Computer Corp.) -- C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
PRC - [2004/07/30 14:47:36 | 006,946,816 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect Express HD\RetroExpress.exe
PRC - [2004/07/30 14:47:36 | 000,167,936 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect Express HD\Retrospect.exe
PRC - [2004/07/30 14:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
PRC - [2004/04/28 09:19:50 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/01/27 16:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 22:50:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\msgsvc.dll -- (Messenger)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/04/10 07:09:04 | 000,958,464 | ---- | M] (SMART Technologies Inc.) [Auto | Running] -- C:\Program Files\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2005/03/01 15:28:06 | 001,037,288 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- e:\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2005/03/01 15:27:18 | 000,173,040 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- e:\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2004/07/30 14:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe -- (RetroExpLauncher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 14:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 14:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/07/09 22:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/07 13:46:38 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/23 21:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/09/24 13:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/22 00:53:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/02/09 14:09:36 | 000,019,416 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- e:\SiSoftware Sandra Lite 2005.SR1\sandra.sys -- (SANDRA)
DRV - [2004/08/09 16:49:40 | 000,014,592 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/04 12:56:40 | 000,010,752 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\uGuru.sys -- (uGuru)
DRV - [2004/08/03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/03 22:10:00 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2004/08/03 22:10:00 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2004/04/28 10:10:22 | 000,616,124 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 03:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/14 20:02:54 | 000,207,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR_BSC2.sys -- (HSFHWBS2)
DRV - [2004/01/14 20:01:40 | 000,687,488 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_USR.sys -- (winachsf)
DRV - [2004/01/14 19:59:46 | 001,041,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR_MDM.sys -- (HSF_DP)
DRV - [2003/08/13 07:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/03/13 19:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/05 15:08:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/05 15:08:00 | 000,000,000 | ---D | M]

[2008/12/06 14:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2010/11/09 00:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\comb5egf.default\extensions
[2009/09/04 19:22:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\comb5egf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/02/16 03:01:51 | 000,000,000 | ---D | M] (Tabbrowser Preferences) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\comb5egf.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2007/02/16 03:01:51 | 000,000,000 | ---D | M] (Disable Targets For Downloads) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\comb5egf.default\extensions\{FF380879-E2AA-4E2D-A348-99B9CBD7D3C0}
[2010/11/09 00:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/17 22:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/11/29 18:28:00 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPinfotl.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/09 01:20:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] E:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe (ABIT Computer Corp.)
O4 - HKLM..\Run: [iTunesHelper] E:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Dantz\Retrospect Express HD\RetroExpress.exe (Dantz Development Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk = E:\myiHome\app\myiHome-server.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} -  File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/16 17:31:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 12:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 22:50:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/11/06 11:40:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.46.exe
[2010/10/23 09:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Amazon
[2010/10/17 18:10:37 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\procexp.exe
[2008/09/21 19:59:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Chris\Application Data\pcouffin.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 22:50:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/11/09 22:46:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/11/09 22:28:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/09 20:26:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 01:34:24 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 01:34:24 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 01:20:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/09 01:03:53 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2010/11/09 00:10:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MBRCheck.exe
[2010/11/08 23:51:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/06 19:22:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/06 19:22:43 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 11:58:51 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\hq45xnze.exe
[2010/11/06 11:46:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 11:44:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.46.exe
[2010/11/06 11:12:44 | 000,011,197 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\films.docx
[2010/11/06 11:12:34 | 000,107,602 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\disappearance of alice creed.nzb
[2010/11/06 11:11:58 | 000,329,372 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\house of the devil.nzb
[2010/11/06 11:11:11 | 000,323,826 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\crazy heart.nzb
[2010/11/06 11:10:06 | 000,151,589 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\is anybody there.nzb
[2010/11/02 23:06:20 | 000,010,292 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\bills.docx
[2010/11/01 19:34:01 | 000,011,591 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Year 10 lesson.docx
[2010/10/31 18:55:56 | 000,009,984 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\wedding cost.xlsx
[2010/10/29 19:07:40 | 000,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/10/23 22:00:20 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 21:25:38 | 000,056,312 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/18 22:24:37 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2010/10/17 18:10:29 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ProcessExplorer.zip
[2010/10/17 09:29:54 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\HijackThis.lnk
[2010/10/17 09:29:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SpeedFan.lnk
[2010/10/17 09:29:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 01:12:17 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 01:02:40 | 003,906,043 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2010/11/09 00:10:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\MBRCheck.exe
[2010/11/06 11:58:51 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\hq45xnze.exe
[2010/11/06 11:12:33 | 000,107,602 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\disappearance of alice creed.nzb
[2010/11/06 11:11:58 | 000,329,372 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\house of the devil.nzb
[2010/11/06 11:11:10 | 000,323,826 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\crazy heart.nzb
[2010/11/06 11:10:06 | 000,151,589 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\is anybody there.nzb
[2010/11/01 19:34:00 | 000,011,591 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Year 10 lesson.docx
[2010/10/20 21:25:38 | 000,056,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/18 22:24:36 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2010/10/17 18:10:37 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\procexp.chm
[2010/10/17 18:10:24 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ProcessExplorer.zip
[2010/10/17 09:29:54 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\HijackThis.lnk
[2010/10/17 09:29:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SpeedFan.lnk
[2009/09/16 20:39:21 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\AutoGK.ini
[2009/04/12 10:46:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/27 00:15:29 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2009/01/25 21:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 23:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/18 21:30:41 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/09/21 19:59:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.log
[2008/09/21 19:59:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.cat
[2008/09/21 19:59:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.inf
[2008/08/05 22:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 21:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/28 20:02:27 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/05/28 20:02:27 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/05/28 20:02:27 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/05/28 20:02:27 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/05/28 20:02:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/04/25 22:51:51 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/04/25 19:35:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/15 09:26:48 | 000,001,374 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\A7963CD1-E395-487E-9168-FA1DEA7AEE3D.dat
[2007/02/18 13:13:23 | 000,003,155 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/15 23:34:41 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\A7963CD1-E395-487E-9168-FA1DEA7AEE3D.ini
[2007/02/15 10:15:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\filter.drv
[2007/01/04 22:51:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\NPinfotl.INI
[2006/05/13 10:26:08 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2006/05/12 23:43:53 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2006/01/02 12:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/12/07 21:16:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/12/07 21:16:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/12/07 21:16:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/12/07 21:16:56 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/12/07 21:16:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005/10/18 17:14:09 | 000,000,562 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2005/10/02 12:42:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/02 12:05:15 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/02 10:37:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/07/20 23:18:52 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/15 22:06:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/06/25 02:29:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2005/06/08 08:21:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/06/08 08:21:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/06/08 07:50:23 | 000,851,968 | R--- | C] () -- C:\WINDOWS\System32\usbpadcp.dll
[2005/04/23 14:15:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/20 19:23:16 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2005/04/20 19:02:08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/04/18 20:01:16 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/18 17:44:49 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\WINFLASH.SYS
[2005/04/18 17:44:48 | 000,023,612 | ---- | C] () -- C:\WINDOWS\System32\FlashMenu.sys
[2005/04/18 17:44:48 | 000,023,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashMenu.sys
[2005/04/18 17:44:48 | 000,005,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\HWIOCTL.SYS
[2005/04/18 17:44:48 | 000,004,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\MEMCTL.SYS
[2005/04/18 17:44:48 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINFLASH.SYS
[2005/04/18 17:44:48 | 000,002,721 | ---- | C] () -- C:\WINDOWS\System32\drivers\AMINTSYS.SYS
[2005/04/16 23:41:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/16 18:53:44 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/04/16 17:49:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/04/16 17:45:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/04/16 17:45:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/04/01 15:16:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/04/01 15:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/09 23:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/05/12 23:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/01/06 22:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2005/12/07 21:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/01/06 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/11/09 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2007/04/27 22:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/06/16 19:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2009/06/10 00:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/25 22:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2007/02/23 18:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/28 22:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/11 23:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/06 23:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76DB64A-6787-493A-8CB7-B5039C330204}
[2010/10/23 09:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Amazon
[2009/09/16 20:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\avidemux
[2006/02/02 01:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2005/10/09 13:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\CD-LabelPrint
[2009/05/06 23:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDFab
[2006/05/12 23:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Final Draft
[2009/09/07 21:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GetRightToGo
[2010/11/07 13:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GrabIt
[2005/07/15 21:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Musicmatch
[2009/08/20 23:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Notepad++
[2009/06/09 23:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Simply Super Software
[2010/04/12 15:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SMART Technologies Inc
[2010/10/24 00:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spotify
[2009/03/16 21:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\STOIK
[2007/04/25 23:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TrojanHunter
[2009/04/13 16:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TSO
[2010/01/25 22:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Vodafone
[2010/08/12 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Vso
[2010/11/09 22:28:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/11/09 22:46:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/04/16 17:31:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/15 23:38:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/07 18:54:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/11/09 01:25:41 | 000,009,761 | ---- | M] () -- C:\ComboFix.txt
[2005/04/16 17:31:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/28 17:02:28 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2005/04/16 17:31:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/04/16 17:31:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/03 22:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/11/09 20:26:01 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/01/16 00:23:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/08 07:17:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/08 22:24:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/08 22:35:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/08 22:51:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/08 23:08:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/09 00:52:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/09 22:43:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/11 02:13:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/01/11 14:38:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/11 14:43:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/01/11 14:50:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/01/11 14:56:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/01/12 01:21:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/01/13 00:38:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/01/13 22:16:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/01/14 22:09:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/01/15 03:08:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/01/15 07:11:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/01/15 22:58:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/01/16 00:23:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/08 07:17:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/08 22:24:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/01/08 22:35:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/01/08 22:51:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/08 23:08:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/09 00:52:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/09 22:43:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/11 02:13:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/11 14:38:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/11 14:43:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/01/11 14:50:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/01/11 14:56:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/01/12 01:21:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/01/13 00:38:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/01/13 22:16:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/01/14 22:09:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/01/15 03:08:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/01/15 07:11:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/01/15 22:58:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/04/16 17:31:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/09/01 06:42:44 | 000,014,488 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiEProNT.dll
[2004/06/15 05:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD61.DLL
[2004/06/15 05:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP61.DLL
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 15:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2008/02/01 10:11:10 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/04/16 17:47:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/04/16 17:47:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/04/16 17:47:30 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/04/16 17:31:48 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/04/16 17:38:25 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/04/16 17:38:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2007/05/06 11:19:57 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Chris\Desktop\ATF-Cleaner.exe
[2010/11/09 01:03:53 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2005/04/19 11:23:34 | 000,681,945 | ---- | M] (CPUID) -- C:\Documents and Settings\Chris\Desktop\cpuz.exe
[2010/11/06 11:58:51 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\hq45xnze.exe
[2010/11/06 11:44:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.46.exe
[2010/11/09 00:10:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MBRCheck.exe
[2010/11/09 22:50:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/06/07 15:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\procexp.exe
[2007/03/23 09:54:51 | 000,643,144 | ---- | M] (Xvid team                                                   ) -- C:\Documents and Settings\Chris\Desktop\XviD-1.1.2-01112006.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/04/16 17:38:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Chris\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/09 22:47:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Chris\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/09/22 17:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 00:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/29 12:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 00:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 16:24:37 | 001,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/29 12:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/29 12:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/29 12:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


----------



## cjj123 (Nov 9, 2010)

Extras.Txt

OTL Extras logfile created on: 09/11/2010 22:52:13 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 9.99 Gb Free Space | 25.58% Space Free | Partition Type: NTFS
Drive E: | 114.32 Gb Total Space | 64.30 Gb Free Space | 56.25% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 14.92 Gb Total Space | 11.34 Gb Free Space | 76.03% Space Free | Partition Type: FAT32

Computer Name: CJ | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- 

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- E:\VLC Media Player\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- E:\VLC Media Player\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8066:UDP" = 8066:UDP:*:Enabled:NZB

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\myiHome\app\myiHome-server.exe" = E:\myiHome\app\myiHome-server.exe:*:Enabled:myiHome-server -- ()
"E:\Spotify\spotify.exe" = E:\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"E:\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Microsoft Office\Office12\GROOVE.EXE" = E:\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"E:\Microsoft Office\Office12\ONENOTE.EXE" = E:\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Dantz\Retrospect Express HD\RetroExpress.exe" = C:\Program Files\Dantz\Retrospect Express HD\RetroExpress.exe:*:Disabled:  -- (Dantz Development Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\iTunes.exe" = E:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}" = Retrospect Express HD 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{78075643-147D-4EC0-9512-96A847C34289}" = Hyper-Threading Technology Test Utility
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B72EB184-2A42-4B3C-8F8F-D7EF163829B4}" = SMART Board Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9710CCD-2A90-4545-B4B9-1E525FBB9195}" = SMART Essentials for Educators
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = ABIT uGuru
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"avast5" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"BroadJump Client Foundation" = BroadJump Client Foundation
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner (remove only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"myiHome_is1" = myiHome v5.1.3
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuickPar" = QuickPar 0.9
"RealPlayer 6.0" = RealPlayer
"SiSoftware Sandra Lite 2005.SR1_is1" = SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE)
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"Steam App 500" = Left 4 Dead
"SubtitleWorkshop" = Subtitle Workshop 2.51
"USR_MODEM_PCI_VEN_16EC&DEV_2F00&SUBSYS_010C16EC" = U.S. Robotics V.92 PCI Modem
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 27/03/2010 15:57:26 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

Error - 08/06/2010 21:18:45 | Computer Name = CJ | Source = avast! | ID = 33554522
Description = 

[ Application Events ]
Error - 01/11/2010 19:54:21 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/11/2010 19:54:21 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/11/2010 19:54:21 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/11/2010 20:23:59 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/11/2010 20:23:59 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/11/2010 20:23:59 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/11/2010 20:23:59 | Computer Name = CJ | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.

Error - 08/11/2010 20:49:02 | Computer Name = CJ | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
 Please shutdown and restart  the Indexing Service (cisvc).

Error - 08/11/2010 20:49:02 | Computer Name = CJ | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
 Index will   be automatically restored by refiltering all documents.

Error - 08/11/2010 21:15:32 | Computer Name = CJ | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
 Index will   be automatically restored by refiltering all documents.

[ OSession Events ]
Error - 22/10/2009 13:29:29 | Computer Name = CJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6501.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 53
 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 13/10/2010 17:27:28 | Computer Name = CJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 139
 seconds with 60 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 02/10/2010 08:03:03 | Computer Name = CJ | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
 error:   %%126

Error - 02/10/2010 08:03:03 | Computer Name = CJ | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%126

Error - 02/10/2010 13:00:59 | Computer Name = CJ | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on
 the same network as the interface with IP address 192.168.0.2.  The allocator has
 disabled itself on the interface in order to avoid  confusing DHCP clients.

Error - 02/10/2010 15:52:10 | Computer Name = CJ | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Flash Player (KB923789).

Error - 03/10/2010 05:47:45 | Computer Name = CJ | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
 due to the following error:   %%2

Error - 03/10/2010 05:47:46 | Computer Name = CJ | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
 error:   %%126

Error - 03/10/2010 05:47:46 | Computer Name = CJ | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%126

Error - 03/10/2010 06:30:57 | Computer Name = CJ | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
 due to the following error:   %%2

Error - 03/10/2010 06:30:57 | Computer Name = CJ | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
 error:   %%126

Error - 03/10/2010 06:30:57 | Computer Name = CJ | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%126


< End of report >

Thanks again for all your help sorting this out. Has there been anything wrong in the reports so far? 

Chris


----------



## cjj123 (Nov 14, 2010)

After using my pc on the weekend, it is still freezing at regular intervals

Any other ideas on what this could be?


----------



## Broni (Nov 14, 2010)

We'll keep checking. Let's finish cleaning process first.

Update your *Java version* here: http://www.java.com/en/download/installed.jsp

*Note 1*: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

*Note 2*: The *Java Quick Starter (JQS.exe)* adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download *JavaRa* to your desktop and unzip it to its own folder


Run JavaRa.exe (*Vista users!* Right click on *JavaRa.exe*, click *Run As Administrator*), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.


===============================================================

Run OTL


Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9


:Services

:Reg

:Files
C:\*.sqm

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.


==============================================================

Last scans...

1. Download *Security Check* from HERE, and save it to your *Desktop*.


- Double-click *SecurityCheck.exe*
- Follow the onscreen instructions inside of the black box.
- A *Notepad* document should open automatically called *checkup.txt*; please post the contents of that document.

*NOTE* SecurityCheck may produce some false warning(s), so leave the results reading to me.



2. Download *Temp File Cleaner (TFC)*


- Double click on *TFC.exe* to run the program.
- Click on *Start* button to begin cleaning process.
- TFC will close all running programs, and it *may* ask you to restart computer.



3. Please run a free online scan with the ESET Online Scanner



- Disable your antivirus program
- Tick the box next to *YES, I accept the Terms of Use*
- Click *Start*
- IMPORTANT! UN-check *Remove found threats*
- Accept any security warnings from your browser.
- Check *Scan archives*
- Click *Start*
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push *List of found threats*
- Click on *Export to text file*, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.


----------



## cjj123 (Nov 16, 2010)

Hi

Here is the new OTL report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
C:\WINDOWS\System32\cnm158.tmp deleted successfully.
C:\WINDOWS\System32\cnm201.tmp deleted successfully.
C:\WINDOWS\System32\cnm2AA.tmp deleted successfully.
C:\WINDOWS\System32\cnm353.tmp deleted successfully.
C:\WINDOWS\System32\cnmA5.tmp deleted successfully.
C:\WINDOWS\System32\cnmB9.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\scrrun.dll.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 9321506 bytes
->Temporary Internet Files folder emptied: 21726435 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 48208691 bytes
->Flash cache emptied: 13512 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gretel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 309157 bytes
->Java cache emptied: 12125852 bytes
->FireFox cache emptied: 40291381 bytes
->Flash cache emptied: 9436 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6703952 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 24576608 bytes

Total Files Cleaned = 156.00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default User

User: Gretel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11162010_233328

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


----------



## cjj123 (Nov 17, 2010)

Hi Broni,

Here is the Security Check report:

 Results of screen317's Security Check version 0.99.5  
 Windows XP Service Pack 2  
*Out of date service pack!!* 
 Internet Explorer 6 *Out of date!* 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
 Windows Firewall Enabled!  
 avast! Free Antivirus    
*Antivirus out of date!* 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
 Malwarebytes' Anti-Malware    
 HijackThis 2.0.2    
 CCleaner (remove only)   
 Java(TM) 6 Update 22  
*Out of date Java installed!* 
 Adobe Flash Player 10.1.85.3  
Adobe Reader 9.1 
*Out of date Adobe Reader installed!* 
 Mozilla Firefox (3.0.19) *Firefox Out of Date!* 
*```````````````````````````````` 
Process Check:  
objlist.exe by Laurent* 
 Alwil Software Avast5 AvastSvc.exe  
 ALWILS~1 Avast5 avastUI.exe  
*````````````````````````````````
DNS Vulnerability Check:*
*Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)* 

*``````````End of Log````````````* 


Thanks,
Chris


----------



## Broni (Nov 17, 2010)

Why is Avast listed as outdated?

=============================================================

Update *Adobe Reader*

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest *Adobe Reader*, uninstall all previous versions.
*Note.* If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed *UN*check the box which says Also Download Adobe Photoshop® Album Starter Edition.

*Alternatively*, you can uninstall Adobe Reader (33.5 MB), download and install *Foxit PDF Reader* (3.5MB) from HERE. 
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
*Note:* When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure you have both boxes UN-checked *AND* (important!) click on the *Decline* button

===============================================================

Update IE to at least version 7. Version 6 is obsolete and dangerous.
We also need to install Service Pack 3.

=============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run *OTL*



Under the Custom Scans/Fixes box at the bottom, paste in the following:



```
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
```



Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.


2. Now we'll remove all the tools we used during our cleaning process

Clean up with *OTL*:



Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.


If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure *Windows Updates* are current (*including Service Pack 3 and Internet Explorer upgrade!!!*)

4. If any *Trojan* was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) *immediately*!

5. Download and install *WOT* (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run *Malwarebytes* "Quick scan" once in a while to assure safety of your computer.

7. Run *Temporary File Cleaner* (TFC) weekly.

8. Download and install *Secunia Personal Software Inspector (PSI)*: http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read *How did I get infected?, With steps so it does not happen again!*: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.


----------



## cjj123 (Nov 23, 2010)

Hi Broni

Here is the OTL log:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 49446341 bytes
->Temporary Internet Files folder emptied: 4376722 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33044447 bytes
->Flash cache emptied: 3232 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Gretel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140166 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1162914 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gretel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_230116

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


My PC seems to be running a lot smoother and faster now. No crashes today so hopefully your expertise has done the trick.

Thanks Broni so much for all your help with this, I'll keep you updated on how my pc is running

Regards,
Chris


----------



## Broni (Nov 24, 2010)

I'm glad to hear good news 

Good luck


----------



## pandabear (Nov 25, 2010)

So was this caused by a back door trojan that disrupted reg files?


----------



## Broni (Nov 25, 2010)

It looks like...


----------



## BangMash (Jan 8, 2011)

cjj123 said:


> Hi,
> 
> My computer has started freezing at random times, sometimes 10 mins, sometimes 2 hours, sometimes never?
> 
> ...



Hey!

Have you by any chance used 'system configuration' and run a diagnostic startup to cancel out a third party software issue etc.?

I had some random freezes once, I ran a diagnostic startup and my PC ran fine. I never ended up finding the program at fault as I built a new PC, but with some process of elimination I'm sure I would've found it. 

If you haven't tried it I'd recommend it! Good luck!

*Disregard my comment, did not see the last page with the problem worked out haha, good to see it's been sorted!


----------



## Elidicious (Jan 8, 2011)

This could be caused by the 2 antiviruses you have in your system [Malwarebytes' Anti-Malware and avast]. I used to have the first and McAfee. The system would freeze very often. After I uninstalled either of them, it started working correctly.


----------

