Author Topic: packupdate107_231.exe - amongst others  (Read 7769 times)

LeeP

    packupdate107_231.exe - amongst others
    « on: October 27, 2010, 06:52:08 PM »
    Hello,

    Been having a right nightmare with pop-ups and my pc asking me to download and install "packupdate107_231.exe".

    I am running Windows XP, using Avast virus protection and spyware terminator realtime shield.

    Have used both of these programs on a full/deep scan and quick scan to no avail.  Have also attempted any removal with spybot S&D and Malwarebytes, in normal and safe mode. 

    Now at the end of my tether, and any suggestions/guidance would be much appreciated??

    Many thanks,

    Lee.

    ~(Log files for HiJackThis, SUPERSpyware and MALWare printed below)~


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:45:59 AM, on 10/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://portal.colasrail.co.uk/InternalSite/WhlCompMgr.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://portal.colasrail.co.uk/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11036 bytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/28/2010 1:27:09 AM
    mbam-log-2010-10-28 (01-27-09).txt

    Scan type: Quick scan
    Objects scanned: 136726
    Time elapsed: 14 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/28/2010 at 00:56 AM

    Application Version : 4.45.1000

    Core Rules Database Version : 5769
    Trace Rules Database Version: 3581

    Scan type       : Complete Scan
    Total Scan Time : 00:47:08

    Memory items scanned      : 550
    Memory threats detected   : 0
    Registry items scanned    : 7043
    Registry threats detected : 0
    File items scanned        : 45107
    File threats detected     : 333

    Adware.Tracking Cookie
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lfstmedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lfstmedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lfstmedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .americanexpress.122.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       tracking.dc-storm.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .debenhams.122.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       banner.pumpkinpatchkids.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .yieldmanager.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       onlineadtracker1.co.uk [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .richmedia.yahoo.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .paypal.112.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kantarmedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kantarmedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.vertadnet.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       wmads2.widearea.co.uk [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .royalmail.112.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .videoegg.adbureau.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pro-market.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pro-market.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       eas.apm.emediate.eu [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       eas.apm.emediate.eu [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .weborama.fr [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .vdwp.solution.weborama.fr [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .vdwp.solution.weborama.fr [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .vdwp.solution.weborama.fr [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .vdwp.solution.weborama.fr [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adecn.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tescostores.122.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       myonlineaccounts2.abbeynational.co.uk [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .bs.serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .uk.at.atwola.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .uk.at.atwola.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .uk.at.atwola.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .readersdigest.122.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       fr.sitestat.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       fr.sitestat.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .122.2o7.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .questionmarket.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .247realmedia.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .stats.paypal.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       track.adform.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .findaproperty.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .questionmarket.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .questionmarket.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .bs.serving-sys.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .doubleclick.net [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .statcounter.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       spear.directtrack.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       spear.directtrack.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .directtrack.com [ C:\Documents and Settings\Lee Packham\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

    Rogue.Agent/Gen-Nullo[DLL]
       C:\WINDOWS\SYSTEM32\22524090641.DLL

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: packupdate107_231.exe - amongst others
    « Reply #1 on: October 30, 2010, 07:07:34 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    **************************************

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    **********************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    **********************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    * Rename ComboFix.exe to commy.exe before you save it to your Desktop.
    * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
    * Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
    * As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    Windows 8 and Windows 10 dual boot with two SSD's
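
The HijackThis entries listed in the reply above follow a `section - kind: name - {CLSID} - target` layout, and a target of `(no file)` means the registry entry points at a file HijackThis could not find. The following is an added example (not part of the original post and not HijackThis code) that parses such lines, lists the orphaned ones, and groups entries that share a CLSID; the four entry lines are copied from the reply, the two non-entry lines are included to show they are skipped, and all function names are hypothetical.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Four entries copied from the reply above, followed by two non-entry lines
# (a section header and a process path) that the parser must ignore.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Running processes:
C:\WINDOWS\system32\svchost.exe
"""

# section code, entry kind, display name, CLSID, then the file the CLSID resolves to.
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


class Entry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: str   # upper-cased so mixed-case CLSIDs compare equal
    target: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one CLSID-bearing HijackThis line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["section"], m["kind"].strip(), m["name"].strip(),
                 m["clsid"].upper(), m["target"].strip())


def parse_log(text: str) -> List[Entry]:
    """Return every parsable entry in a pasted log, in order of appearance."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered component has no file on disk."""
    return [e for e in entries if e.target.lower() == "(no file)"]


def shared_clsids(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """CLSIDs registered more than once, e.g. as both a button and a menu item."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        groups[e.clsid].append(e)
    return {clsid: group for clsid, group in groups.items() if len(group) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"orphaned {e.section} {e.kind}: {e.clsid}")
    for clsid, group in shared_clsids(parsed).items():
        print(f"{clsid} registered {len(group)} times -> {group[0].target}")
```
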

    LeeP

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: packupdate107_231.exe - amongst others
      « Reply #2 on: November 01, 2010, 06:24:04 PM »
      Hi Dave,

      HiJackThis ran and two items fixed as per your instructions.

      Security check did not download as a zip file from either location, but as an .exe and when run froze several times at "Finished Preparing"

      ComboFix ran successfully and log posted below.


      ComboFix 10-11-01.01 - Lee Packham 11/02/2010   0:08:07.1.1 - x86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1432 [GMT 0:00]
      Running from: C:\Documents and Settings\Lee Packham\Desktop\commy.exe
      Command switches used :: /stepdel
      AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\23435389041.dll
      C:\WINDOWS\system32\arp.exe
      D:\Autorun.inf

      .
      (((((((((((((((((((((((((   Files Created from 2010-10-02 to 2010-11-02  )))))))))))))))))))))))))))))))
      .

      2010-10-28 00:43:56 . 2010-10-28 00:43:56   388096   ----a-r-   C:\Documents and Settings\Lee Packham\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2010-10-28 00:43:55 . 2010-10-28 00:43:55   --------   d-----w-   C:\Program Files\Trend Micro
      2010-10-27 23:03:20 . 2010-10-27 23:03:20   --------   d-----w-   C:\Documents and Settings\Lee Packham\Application Data\SUPERAntiSpyware.com
      2010-10-27 23:03:20 . 2010-10-27 23:03:20   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-10-27 23:03:13 . 2010-10-27 23:03:27   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
      2010-10-27 22:56:05 . 2010-10-27 22:56:10   --------   d-----w-   C:\Program Files\CCleaner
      2010-10-27 22:45:01 . 2009-04-06 10:37:12   704384   ----a-w-   C:\WINDOWS\system32\drivers\SandBox.sys
      2010-10-27 22:43:25 . 2009-02-10 15:15:42   257432   ----a-w-   C:\WINDOWS\system32\drivers\afwcore.sys
      2010-10-27 22:42:00 . 2009-02-18 16:30:56   31128   ----a-w-   C:\WINDOWS\system32\drivers\afw.sys
      2010-10-27 22:41:50 . 2010-10-27 22:41:50   --------   d-----w-   C:\Program Files\Agnitum
      2010-10-27 22:41:20 . 2010-10-27 22:56:31   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Agnitum
      2010-10-16 23:00:41 . 2010-10-16 23:00:41   --------   d-----w-   C:\Documents and Settings\Lee Packham\Application Data\dvdcss
      2010-10-13 12:49:11 . 2010-09-18 06:53:25   974848   ------w-   C:\WINDOWS\system32\dllcache\mfc42.dll
      2010-10-13 12:49:11 . 2010-09-18 06:53:25   953856   ------w-   C:\WINDOWS\system32\dllcache\mfc40u.dll
      2010-10-13 12:49:01 . 2010-08-23 16:12:04   617472   ------w-   C:\WINDOWS\system32\dllcache\comctl32.dll
      2010-10-06 23:38:03 . 2010-10-06 23:38:03   --------   d-sh--w-   C:\Documents and Settings\Lee Packham\IECompatCache

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-09-18 11:23:26 . 2004-08-10 11:51:11   974848   ----a-w-   C:\WINDOWS\system32\mfc42u.dll
      2010-09-18 06:53:25 . 2004-08-10 11:51:11   974848   ----a-w-   C:\WINDOWS\system32\mfc42.dll
      2010-09-18 06:53:25 . 2004-08-10 11:51:11   954368   ----a-w-   C:\WINDOWS\system32\mfc40.dll
      2010-09-18 06:53:25 . 2004-08-10 11:51:11   953856   ----a-w-   C:\WINDOWS\system32\mfc40u.dll
      2010-09-15 03:50:37 . 2010-06-17 09:22:46   472808   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
      2010-09-15 01:29:49 . 2010-06-17 09:22:46   73728   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
      2010-09-10 05:58:08 . 2004-08-10 11:51:29   916480   ----a-w-   C:\WINDOWS\system32\wininet.dll
      2010-09-10 05:58:06 . 2004-08-10 11:51:10   43520   ----a-w-   C:\WINDOWS\system32\licmgr10.dll
      2010-09-10 05:58:06 . 2004-08-10 11:51:09   1469440   ------w-   C:\WINDOWS\system32\inetcpl.cpl
      2010-09-01 11:51:14 . 2004-08-10 11:50:54   285824   ----a-w-   C:\WINDOWS\system32\atmfd.dll
      2010-08-31 13:42:52 . 2004-08-10 11:51:28   1852800   ----a-w-   C:\WINDOWS\system32\win32k.sys
      2010-08-27 08:02:29 . 2004-08-10 11:51:26   119808   ----a-w-   C:\WINDOWS\system32\t2embed.dll
      2010-08-27 05:57:43 . 2004-08-10 11:51:25   99840   ----a-w-   C:\WINDOWS\system32\srvsvc.dll
      2010-08-26 13:39:50 . 2006-07-25 22:02:45   357248   ----a-w-   C:\WINDOWS\system32\drivers\srv.sys
      2010-08-26 12:52:45 . 2010-05-03 22:43:05   5120   ----a-w-   C:\WINDOWS\system32\xpsp4res.dll
      2010-08-23 16:12:04 . 2004-08-10 11:50:55   617472   ----a-w-   C:\WINDOWS\system32\comctl32.dll
      2010-08-17 13:17:06 . 2004-08-10 11:51:25   58880   ----a-w-   C:\WINDOWS\system32\spoolsv.exe
      2010-08-16 08:45:00 . 2004-08-10 11:51:21   590848   ----a-w-   C:\WINDOWS\system32\rpcrt4.dll
      2010-07-12 23:29:29 . 2010-05-29 00:00:54   197632   ----a-w-   C:\Program Files\Common Files\OnlineFilesManager.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
      @="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
      [HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
      2010-07-12 23:29:29   197632   ----a-w-   C:\Program Files\Common Files\OnlineFilesManager.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpywareTerminatorUpdate"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-04 09:01:55 3037696]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 21:12:38 3872080]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 18:46:59 2424560]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44:02 249856]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44:02 81920]
      "avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 20:57:18 2837864]
      "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05:30 1117184]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32:18 225280]
      "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 09:26:30 489472]
      "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33:16 73728]
      "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 16:22:22 262144]
      "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-04 09:01:54 2176512]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
      "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 01:08:54 2512392]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-25 22:38:35 98304]
      "OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 17:17:18 2374464]
      "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 17:02:06 428032]
      "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 10:44:46 248552]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21:41   548352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
      backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
      backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
      backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
      2006-07-25 22:15:38   61440   ----a-w-   c:\dell\bldbubg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
      2004-12-13 14:30:00   58992   ----a-w-   C:\Program Files\Common Files\Symantec Shared\ccApp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
      2005-09-08 04:20:00   122940   ----a-w-   C:\WINDOWS\system32\DLA\DLACTRLW.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
      2005-10-14 19:46:34   77824   ----a-w-   C:\WINDOWS\system32\hkcmd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
      2005-10-14 19:50:30   114688   ----a-w-   C:\WINDOWS\system32\igfxpers.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
      2005-10-14 19:49:46   94208   ----a-w-   C:\WINDOWS\system32\igfxtray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
      2005-07-12 18:05:30   1117184   ----a-w-   C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
      2005-12-07 15:05:30   1537696   ----a-w-   C:\Program Files\Norton Ghost\Agent\GhostTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
      2005-08-17 19:10:58   24576   ----a-w-   C:\dell\Utilities\DSR\demo\DEMO.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2006-07-25 22:38:35   98304   ----a-w-   C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      2009-03-05 15:07:20   2260480   --sha-r-   C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
      "C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
      "10426:UDP"= 10426:UDP:SingleClick ICC

      R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [5/3/2010 10:39:03 PM 165456]
      R1 SandBox;SandBox;C:\WINDOWS\system32\drivers\SandBox.sys [10/27/2010 10:45:01 PM 704384]
      R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 6:25:48 PM 12872]
      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 6:41:30 PM 67656]
      R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [5/4/2010 9:01:54 AM 142592]
      R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [10/27/2010 10:41:55 PM 1195008]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [5/3/2010 10:39:04 PM 17744]
      R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys [1/12/2006 9:27:16 PM 13696]
      R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\drivers\wsp_pkt.sys [1/12/2006 9:29:38 PM 13568]
      R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\drivers\afw.sys [10/27/2010 10:42:00 PM 31128]
      R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [10/27/2010 10:43:25 PM 257432]
      S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [5/3/2010 10:39:11 PM 133104]
      S3 DMService;Whale Component Manager;C:\WINDOWS\DOWNLO~1\DMService.exe [5/17/2010 6:59:42 AM 423576]
      S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" --> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [?]
      .
      Contents of the 'Scheduled Tasks' folder

      2010-11-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03 22:39:11 . 2010-05-03 22:39:05]

      2010-11-01 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03 22:39:11 . 2010-05-03 22:39:05]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.msn.com
      uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
      IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://portal.colasrail.co.uk/dana-cached/sc/JuniperSetupClient.cab
      .
      - - - - ORPHANS REMOVED - - - -

      ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
      MSConfigStartUp-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
      MSConfigStartUp-AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
      MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
      MSConfigStartUp-DellSupport - C:\Program Files\Dell Support\DSAgnt.exe
      MSConfigStartUp-DMXLauncher - C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      MSConfigStartUp-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe
      MSConfigStartUp-MCUpdateExe - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      MSConfigStartUp-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
      MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
      MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
      MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      MSConfigStartUp-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
      MSConfigStartUp-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe


      SuperDave

      Re: packupdate107_231.exe - amongst others
      « Reply #3 on: November 02, 2010, 05:04:52 PM »
      SysProt Antirootkit

      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

      LeeP

        Re: packupdate107_231.exe - amongst others
        « Reply #4 on: November 03, 2010, 09:21:35 AM »
        Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

        Function Name: ZwUnloadDriver
        Address: A93F7530
        Driver Base: A93E0000
        Driver End: A948B000
        Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

        Function Name: ZwWriteFile
        Address: A94AE70C
        Driver Base: A94AD000
        Driver End: A94D0000
        Driver Name: \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

        Function Name: ZwWriteVirtualMemory
        Address: A94012B0
        Driver Base: A93E0000
        Driver End: A948B000
        Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

        ******************************************************************************************
        ******************************************************************************************
        Kernel Hooks:
        Hooked Function: ZwClose
        At Address: 805B1CE0
        Jump To: A92E15B4
        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

        Hooked Function: ObMakeTemporaryObject
        At Address: 805B1CE0
        Jump To: A92E15B4
        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

        Hooked Function: ObInsertObject
        At Address: 805B8B58
        Jump To: A92E2F6C
        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

        Hooked Function: ObCloseHandle
        At Address: 805B1CE0
        Jump To: A92E15B4
        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

        ******************************************************************************************
        ******************************************************************************************
        No hidden files/folders found
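
An added example, not part of the original posts and not SysProt's own code: a Python triage of the log format pasted in Reply #4. It checks that each SSDT handler address lies inside the driver image the log attributes it to, lists hooks owned by drivers outside an analyst-supplied allowlist, and groups kernel hooks that report the same patched address. The allowlist, the function names and the `example_unknown.sys` record are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample. The SandBox.sys, sp_rsdrv2.sys and aswSP.SYS records copy
# values from the log in the post above; the example_unknown.sys record is made
# up to exercise the failure paths. The leading orphan "Driver Name" line mimics
# the way the pasted log starts mid-record.
SAMPLE_LOG = r"""
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwUnloadDriver
Address: A93F7530
Driver Base: A93E0000
Driver End: A948B000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwWriteFile
Address: A94AE70C
Driver Base: A94AD000
Driver End: A94D0000
Driver Name: \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Function Name: ZwOpenProcess
Address: F8A01234
Driver Base: F7000000
Driver End: F7010000
Driver Name: \??\C:\WINDOWS\system32\drivers\example_unknown.sys

******************************************************************************************
Kernel Hooks:
Hooked Function: ZwClose
At Address: 805B1CE0
Jump To: A92E15B4
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 805B8B58
Jump To: A92E2F6C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObCloseHandle
At Address: 805B1CE0
Jump To: A92E15B4
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
"""

# Assumption: the analyst's own list of drivers belonging to security products
# known to be installed on this machine (lower-case file names).
EXPECTED_DRIVERS = {"sandbox.sys", "sp_rsdrv2.sys", "aswsp.sys"}

SSDT_KEYS = ("Function Name", "Address", "Driver Base", "Driver End", "Driver Name")
HOOK_KEYS = ("Hooked Function", "At Address", "Jump To", "Module Name")


def driver_file(path):
    """Return the lower-cased file name of a Windows or NT-style (\\??\\) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_records(text):
    """Split the log into complete SSDT records and complete kernel-hook records."""
    ssdt, hooks, cur = [], [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # separators, section titles, blank lines
        if key in ("Function Name", "Hooked Function"):
            cur = {}  # a new record starts; drop any partial one
        cur[key] = value
        if key == "Driver Name":
            if all(k in cur for k in SSDT_KEYS):
                ssdt.append(cur)  # incomplete (truncated) records are discarded
            cur = {}
        elif key == "Module Name":
            if all(k in cur for k in HOOK_KEYS):
                hooks.append(cur)
            cur = {}
    return ssdt, hooks


def triage(ssdt, hooks, expected):
    """Return (functions per owning driver, list of findings to review)."""
    owners, findings = defaultdict(list), []
    for r in ssdt:
        name = driver_file(r["Driver Name"])
        addr, base, end = (int(r[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        owners[name].append(r["Function Name"])
        if not base <= addr < end:
            findings.append(("address-outside-image", r["Function Name"], name))
        if name not in expected:
            findings.append(("unexpected-driver", r["Function Name"], name))
    for r in hooks:
        name = driver_file(r["Module Name"])
        owners[name].append(r["Hooked Function"])
        if name not in expected:
            findings.append(("unexpected-driver", r["Hooked Function"], name))
    return dict(owners), findings


def shared_patch_sites(hooks):
    """Map each patched address that is reported under more than one function name."""
    by_addr = defaultdict(list)
    for r in hooks:
        by_addr[r["At Address"].upper()].append(r["Hooked Function"])
    return {a: f for a, f in by_addr.items() if len(f) > 1}


if __name__ == "__main__":
    ssdt, hooks = parse_records(SAMPLE_LOG)
    owners, findings = triage(ssdt, hooks, EXPECTED_DRIVERS)
    print(owners, findings, shared_patch_sites(hooks), sep="\n")
```
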

        SuperDave

        Re: packupdate107_231.exe - amongst others
        « Reply #5 on: November 03, 2010, 12:33:32 PM »
        Ok. One more scan, if you please. Also, could you please try running Security Check again.

        I'd like to scan your machine with ESET OnlineScan

        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
        • Click the button.
        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
        • Check
        • Click the button.
        • Accept any security warnings from your browser.
        • Check
        • Push the Start button.
        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        • When the scan completes, push
        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        • Push the button.
        • Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


        LeeP

          Re: packupdate107_231.exe - amongst others
          « Reply #6 on: November 03, 2010, 02:13:01 PM »
          ESET

          C:\Documents and Settings\Denise Cefai\Application Data\Sun\Java\Deployment\cache\6.0\9\578e1089-4af0d4bb   multiple threats
          C:\Documents and Settings\Lee Packham\My Documents\Downloads\unlocker1.9.0.exe   Win32/Adware.ADON application


          SECURITY CHECK


           Results of screen317's Security Check version 0.99.6 
           Windows XP Service Pack 3 
           Internet Explorer 8 
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Firewall Disabled! 
           avast! Free Antivirus   
           ESET Online Scanner v3   
           Outpost Firewall 2009   
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Malwarebytes' Anti-Malware   
           CCleaner     
           Java(TM) 6 Update 22 
           Adobe Flash Player 10.1.53.64 
          Adobe Reader 7.0
          Out of date Adobe Reader installed!
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           Alwil Software Avast5 AvastSvc.exe 
           ALWILS~1 Avast5 avastUI.exe 
          ````````````````````````````````
          DNS Vulnerability Check:

           GREAT! (Not vulnerable to DNS cache poisoning)

          ``````````End of Log````````````

          SuperDave

          Re: packupdate107_231.exe - amongst others
          « Reply #7 on: November 03, 2010, 07:10:43 PM »
          Please download the newest version of Adobe Acrobat Reader from Adobe.com

          Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
          Go to the Control Panel and enter Add or Remove Programs.
          Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

          Once old versions are gone, please install the newest version.
          ***************************************
          Could you please run ESET again and, this time, fix the infections.

          LeeP

            Re: packupdate107_231.exe - amongst others
            « Reply #8 on: November 03, 2010, 09:21:50 PM »
            Downloaded and installed, old version deleted.

            ESET rerun


            C:\Documents and Settings\Denise Cefai\Application Data\Sun\Java\Deployment\cache\6.0\9\578e1089-4af0d4bb   multiple threats   deleted - quarantined
            C:\Documents and Settings\Lee Packham\My Documents\Downloads\unlocker1.9.0.exe   Win32/Adware.ADON application   deleted - quarantined

            SuperDave

            Re: packupdate107_231.exe - amongst others
            « Reply #9 on: November 04, 2010, 12:40:37 PM »
            How's your computer running now? Any issues?

            LeeP

              Re: packupdate107_231.exe - amongst others
              « Reply #10 on: November 04, 2010, 12:58:12 PM »
              Lots of pop-ups (approx 20 a minute!), prompts to download packupdate. Now running a little slower also, but that may be due to a firewall running, where I had none before.

              SuperDave

              Re: packupdate107_231.exe - amongst others
              « Reply #11 on: November 05, 2010, 01:19:16 PM »
              * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
              * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
              * Click Next.
              * Choose Full Scan and click Next.
              * Once the scan is finished click View detailed results of the scan.

              Look through the list and let me know if anything was found infected.
              *********************************************************
              Download OTL to your Desktop
              • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
              • Under the Custom Scan box paste this in
              netsvcs
              msconfig
              safebootminimal
              safebootnetwork
              activex
              drivers32
              %SYSTEMDRIVE%\*.exe
              %systemroot%\*. /mp /s
              c:\$recycle.bin\*.* /s
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
              /md5start
              eventlog.dll
              scecli.dll
              netlogon.dll
              cngaudit.dll
              sceclt.dll
              ntelogon.dll
              logevent.dll
              iaStor.sys
              nvstor.sys
              nvstor32.sys
              atapi.sys
              IdeChnDr.sys
              viasraid.sys
              AGP440.sys
              vaxscsi.sys
              nvatabus.sys
              viamraid.sys
              nvata.sys
              nvgts.sys
              iastorv.sys
              ViPrt.sys
              eNetHook.dll
              explorer.exe
              svchost.exe
              userinit.exe
              qmgr.dll
              ws2_32.dll
              proquota.exe
              imm32.dll
              kernel32.dll
              ndis.sys
              autochk.exe
              spoolsv.exe
              xmlprov.dll
              ntmssvc.dll
              mswsock.dll
              Beep.SYS
              ntfs.sys
              termsrv.dll
              sfcfiles.dll
              st3shark.sys
              ahcix86.sys
              srsvc.dll
              nvrd32.sys
              /md5stop
              %systemroot%\system32\*.dll /lockedfiles
              %systemroot%\Tasks\*.job /lockedfiles

              • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
                • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
                • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

              LeeP

                Re: packupdate107_231.exe - amongst others
                « Reply #12 on: November 05, 2010, 03:55:13 PM »
                Thanks for your continued help Dave!

                Nothing found in MRT.exe

                OTL.txt


                OTL logfile created on: 11/5/2010 9:32:11 PM - Run 1
                OTL by OldTimer - Version 3.2.17.2     Folder = C:\Documents and Settings\Denise Cefai\My Documents\Downloads
                Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                Internet Explorer (Version = 8.0.6001.18702)
                Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                 
                2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
                4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
                Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
                 
                %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                Drive C: | 52.71 Gb Total Space | 3.40 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
                Drive D: | 18.60 Gb Total Space | 18.50 Gb Free Space | 99.48% Space Free | Partition Type: NTFS
                Unable to calculate disk information.
                Drive G: | 7.45 Gb Total Space | 4.14 Gb Free Space | 55.57% Space Free | Partition Type: FAT32
                 
                Computer Name: AMELIEROSE | User Name: Denise Cefai | Logged in as Administrator.
                Boot Mode: Normal | Scan Mode: Current user | Quick Scan
                Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
                 
                ========== Processes (SafeList) ==========
                 
                PRC - [2010/11/05 21:31:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denise Cefai\My Documents\Downloads\OTL (1).exe
                PRC - [2010/06/28 20:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
                PRC - [2010/06/28 20:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
                PRC - [2010/05/04 09:01:55 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
                PRC - [2010/05/04 09:01:54 | 002,176,512 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
                PRC - [2010/05/04 09:01:54 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
                PRC - [2009/11/13 02:14:08 | 000,496,936 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Denise Cefai\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
                PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
                PRC - [2007/05/11 01:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
                PRC - [2005/12/09 14:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
                PRC - [2005/12/09 14:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
                PRC - [2005/12/07 15:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
                PRC - [2005/12/07 09:26:30 | 000,489,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\CameraAssistant.exe
                PRC - [2005/06/10 09:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                PRC - [2004/12/13 14:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                PRC - [2004/12/13 14:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                PRC - [2004/11/01 16:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
                 
                 
                ========== Modules (SafeList) ==========
                 
                MOD - [2010/11/05 21:31:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denise Cefai\My Documents\Downloads\OTL (1).exe
                MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
                MOD - [2005/12/09 14:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
                 
                 
                ========== Win32 Services (SafeList) ==========
                 
                SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
                SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
                SRV - [2010/06/28 20:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
                SRV - [2010/06/28 20:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
                SRV - [2010/06/28 20:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
                SRV - [2010/05/17 06:59:42 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
                SRV - [2010/05/04 09:01:54 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
                SRV - [2009/04/14 17:03:30 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
                SRV - [2007/05/11 01:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
                SRV - [2006/07/25 22:35:47 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
                SRV - [2005/12/09 14:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
                SRV - [2005/12/07 15:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
                SRV - [2005/12/07 15:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
                SRV - [2004/12/13 14:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
                SRV - [2004/12/13 14:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
                SRV - [2004/12/13 14:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
                 
                 
                ========== Driver Services (SafeList) ==========
                 
                DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
                DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LEEPAC~1\LOCALS~1\Temp\catchme.sys -- (catchme)
                DRV - [2010/06/28 20:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
                DRV - [2010/06/28 20:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
                DRV - [2010/06/28 20:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
                DRV - [2010/06/28 20:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
                DRV - [2010/06/28 20:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
                DRV - [2010/06/28 20:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
                DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
                DRV - [2010/05/04 09:01:54 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
                DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
                DRV - [2009/04/06 10:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
                DRV - [2009/02/18 16:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
                DRV - [2009/02/10 15:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
                DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
                DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
                DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
                DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
                DRV - [2006/07/25 22:35:48 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
                DRV - [2006/01/12 21:29:38 | 000,013,568 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
                DRV - [2006/01/12 21:27:16 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
                DRV - [2006/01/12 21:26:10 | 000,013,312 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
                DRV - [2005/12/09 14:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
                DRV - [2005/12/09 14:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
                DRV - [2005/12/09 14:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
                DRV - [2005/12/07 15:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
                DRV - [2005/12/07 15:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
                DRV - [2005/11/16 20:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
                DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
                DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
                DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
                DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
                DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
                DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
                DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
                DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
                DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
                DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
                DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
                DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
                DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
                DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
                DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
                DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
                DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
                DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
                DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
                DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
                DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
                DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
                DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
                DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
                DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
                DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
                DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
                DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
                DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
                DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
                 
                 
                ========== Standard Registry (SafeList) ==========
                 
                 
                ========== Internet Explorer ==========
                 
                IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
                IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
                 
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
                IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                 
                 
                 
                O1 HOSTS File: ([2010/11/02 00:16:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                O1 - Hosts: 127.0.0.1       localhost
                O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
                O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
                O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
                O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
                O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
                O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
                O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
                O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.)
                O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
                O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
                O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
                O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
                O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
                O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
                O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
                O4 - HKCU..\RunServices: [hd1af.tmp] c:\docume~1\denise~1\locals~1\temp\hd1af.tmp File not found
                O4 - HKCU..\RunServices: [SkypeSetupdsHostCheckerSetup] C:\DOCUME~1\DENISE~1\LOCALS~1\Temp\hd1AF.tmp File not found
                O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
                O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
                O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
                O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
                O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
                O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
                O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
                O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.colasrail.co.uk/InternalSite/WhlCompMgr.cab (Whale Client Components)
                O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.colasrail.co.uk/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
                O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
                O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
                O24 - Desktop WallPaper: C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                O24 - Desktop BackupWallPaper: C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
                O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                O32 - HKLM CDRom: AutoRun - 1
                O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
                O35 - HKLM\..comfile [open] -- "%1" %*
                O35 - HKLM\..exefile [open] -- "%1" %*
                O37 - HKLM\...com [@ = ComFile] -- "%1" %*
                O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                 
                NetSvcs: 6to4 -  File not found
                NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                NetSvcs: Ias -  File not found
                NetSvcs: Iprip -  File not found
                NetSvcs: Irmon -  File not found
                NetSvcs: NWCWorkstation -  File not found
                NetSvcs: Nwsapagent -  File not found
                NetSvcs: WmdmPmSp -  File not found
                 
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk - C:\PROGRA~1\AOL9~1.0\aoltray.exe - File not found
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe - ()
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
                MsConfig - StartUpReg: AOL Spyware Protection - hkey= - key= - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe File not found
                MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
                MsConfig - StartUpReg: BuildBU - hkey= - key= - c:\dell\bldbubg.exe ()
                MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
                MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
                MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe File not found
                MsConfig - StartUpReg: DLA - hkey= - key= -  File not found
                MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
                MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
                MsConfig - StartUpReg: igfxhkcmd - hkey= - key= -  File not found
                MsConfig - StartUpReg: igfxpers - hkey= - key= -  File not found
                MsConfig - StartUpReg: igfxtray - hkey= - key= -  File not found
                MsConfig - StartUpReg: MCAgentExe - hkey= - key= - c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
                MsConfig - StartUpReg: McRegWiz - hkey= - key= - c:\progra~1\mcafee.com\agent\mcregwiz.exe File not found
                MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe File not found
                MsConfig - StartUpReg: MPFExe - hkey= - key= - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe File not found
                MsConfig - StartUpReg: MSKAGENTEXE - hkey= - key= - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe File not found
                MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
                MsConfig - StartUpReg: Norton Ghost 10.0 - hkey= - key= - C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
                MsConfig - StartUpReg: NortonDemo - hkey= - key= - C:\dell\utilities\dsr\demo\Demo.exe (Dell Inc)
                MsConfig - StartUpReg: OASClnt - hkey= - key= - C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
                MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
                MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe File not found
                MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
                MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe File not found
                MsConfig - StartUpReg: VirusScan Online - hkey= - key= - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe File not found
                MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
                MsConfig - State: "system.ini" - 0
                MsConfig - State: "win.ini" - 0
                MsConfig - State: "bootini" - 0
                MsConfig - State: "services" - 0
                MsConfig - State: "startup" - 2
                 
                SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                SafeBootMin: Base - Driver Group
                SafeBootMin: Boot Bus Extender - Driver Group
                SafeBootMin: Boot file system - Driver Group
                SafeBootMin: File system - Driver Group
                SafeBootMin: Filter - Driver Group
                SafeBootMin: PCI Configuration - Driver Group
                SafeBootMin: PEVSystemStart - Service
                SafeBootMin: PNP Filter - Driver Group
                SafeBootMin: Primary disk - Driver Group
                SafeBootMin: procexp90.Sys - Driver
                SafeBootMin: SCSI Class - Driver Group
                SafeBootMin: sermouse.sys - Driver
                SafeBootMin: System Bus Extender - Driver Group
                SafeBootMin: vds - Service
                SafeBootMin: vga.sys - Driver
                SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
                SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                 
                SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                SafeBootNet: Base - Driver Group
                SafeBootNet: Boot Bus Extender - Driver Group
                SafeBootNet: Boot file system - Driver Group
                SafeBootNet: File system - Driver Group
                SafeBootNet: Filter - Driver Group
                SafeBootNet: NDIS Wrapper - Driver Group
                SafeBootNet: NetBIOSGroup - Driver Group
                SafeBootNet: NetDDEGroup - Driver Group
                SafeBootNet: Network - Driver Group
                SafeBootNet: NetworkProvider - Driver Group
                SafeBootNet: PCI Configuration - Driver Group
                SafeBootNet: PEVSystemStart - Service
                SafeBootNet: PNP Filter - Driver Group
                SafeBootNet: PNP_TDI - Driver Group
                SafeBootNet: Primary disk - Driver Group
                SafeBootNet: procexp90.Sys - Driver
                SafeBootNet: SCSI Class - Driver Group
                SafeBootNet: sermouse.sys - Driver
                SafeBootNet: Streams Drivers - Driver Group
                SafeBootNet: System Bus Extender - Driver Group
                SafeBootNet: TDI - Driver Group
                SafeBootNet: vga.sys - Driver
                SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
                SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
                SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
                SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
                SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                 
                ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
                ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
                ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
                ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
                ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
                ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
                ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
                ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
                ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
                ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
                ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
                ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
                ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
                ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
                ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
                ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
                ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
                ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
                ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
                ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
                ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
                ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
                ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
                ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
                ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
                ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
                ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
                ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
                ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
                ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
                ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
                ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
                ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
                ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
                ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
                ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
                ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
                ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
                ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
                ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
                ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
                ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
                ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
                ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
                ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
                ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
                ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
                ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
                ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
                 
                Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
                Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
                Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
                Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
                Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
                Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
                Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
                Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
                Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
                Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
                Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
                 
                ========== Files/Folders - Created Within 30 Days ==========
                 
                [2010/11/04 12:13:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
                [2010/11/04 02:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
                [2010/11/03 11:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\PCHealth
                [2010/11/03 10:11:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
                [2010/11/03 10:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
                [2010/11/02 19:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Plagiarism-Detector
                [2010/11/02 19:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Plagiarism-Detector
                [2010/11/02 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viper
                [2010/11/02 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Kerigwa
                [2010/11/02 00:12:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                [2010/11/02 00:07:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
                [2010/11/02 00:04:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                [2010/11/02 00:04:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
                [2010/11/02 00:04:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                [2010/11/02 00:04:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
                [2010/11/02 00:04:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                [2010/11/02 00:04:33 | 000,000,000 | ---D | C] -- C:\commy
                [2010/11/02 00:04:12 | 000,000,000 | ---D | C] -- C:\Qoobox
                [2010/10/28 00:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
                [2010/10/27 23:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                [2010/10/27 23:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
                [2010/10/27 22:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
                [2010/10/27 22:45:01 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
                [2010/10/27 22:43:25 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
                [2010/10/27 22:42:00 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
                [2010/10/27 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
                [2010/10/27 22:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
                [2010/10/23 15:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denise Cefai\Desktop\Chicken Phall Curry Recipe_files
                [2010/05/29 00:00:54 | 000,197,632 | ---- | C] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll
                [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                 
                ========== Files - Modified Within 30 Days ==========
                 
                [2010/11/05 20:54:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                [2010/11/05 19:56:44 | 000,024,983 | ---- | M] () -- C:\WINDOWS\System32\19564425041.dll
                [2010/11/05 18:53:36 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                [2010/11/05 18:53:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                [2010/11/05 18:53:17 | 000,360,114 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
                [2010/11/04 19:56:03 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
                [2010/11/04 12:18:04 | 000,439,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                [2010/11/04 12:18:04 | 000,070,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                [2010/11/04 02:22:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
                [2010/11/03 11:18:23 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                [2010/11/02 02:08:46 | 000,086,528 | ---- | M] () -- C:\WINDOWS\MBR.exe
                [2010/11/02 00:16:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                [2010/11/02 00:07:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
                [2010/10/31 07:20:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                [2010/10/28 08:32:31 | 000,010,426 | ---- | M] () -- C:\Documents and Settings\Denise Cefai\Desktop\Christmas and Birthdays 2010.xlsx
                [2010/10/27 23:03:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                [2010/10/23 15:59:43 | 000,012,934 | ---- | M] () -- C:\Documents and Settings\Denise Cefai\Desktop\Chicken Phall Curry Recipe.htm
                [2010/10/21 15:27:58 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
                [2010/10/20 12:53:11 | 000,013,240 | ---- | M] () -- C:\Documents and Settings\Denise Cefai\Desktop\ESA Supporting doc.docx
                [2010/10/17 15:16:51 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Denise Cefai\Desktop\Microsoft Office Excel 2007.lnk
                [2010/10/15 14:14:32 | 000,116,919 | ---- | M] () -- C:\Documents and Settings\Denise Cefai\Desktop\Carvery voucher.pdf
                [2010/10/13 22:40:52 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                [2010/10/11 20:13:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                 
                ========== Files Created - No Company Name ==========
                 
                [2010/11/05 19:56:44 | 000,024,983 | ---- | C] () -- C:\WINDOWS\System32\19564425041.dll
                [2010/11/04 02:22:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
                [2010/11/02 00:07:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
                [2010/11/02 00:07:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
                [2010/11/02 00:04:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
                [2010/11/02 00:04:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                [2010/11/02 00:04:54 | 000,086,528 | ---- | C] () -- C:\WINDOWS\MBR.exe
                [2010/11/02 00:04:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                [2010/11/02 00:04:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                [2010/10/27 23:03:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                [2010/10/27 22:42:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
                [2010/10/23 15:59:42 | 000,012,934 | ---- | C] () -- C:\Documents and Settings\Denise Cefai\Desktop\Chicken Phall Curry Recipe.htm
                [2010/10/17 19:07:26 | 000,010,426 | ---- | C] () -- C:\Documents and Settings\Denise Cefai\Desktop\Christmas and Birthdays 2010.xlsx
                [2010/10/07 21:25:30 | 000,116,919 | ---- | C] () -- C:\Documents and Settings\Denise Cefai\Desktop\Carvery voucher.pdf
                [2010/07/17 11:01:53 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Denise Cefai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                [2010/05/18 20:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
                [2010/05/04 09:01:54 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
                [2010/05/04 08:52:32 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
                [2010/05/03 23:01:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
                [2006/07/25 22:49:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                [2006/07/25 22:45:46 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
                [2006/07/25 22:41:05 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
                [2006/07/25 22:35:59 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
                [2006/07/25 22:32:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                [2006/07/25 22:05:02 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
                [2005/12/09 14:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
                [2005/12/09 14:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
                [2005/12/09 14:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
                [2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
                [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
                [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
                [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                 
                ========== LOP Check ==========
                 
                [2010/10/27 22:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
                [2010/05/03 22:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
                [2010/06/17 09:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
                [2010/11/05 09:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
                [2010/11/02 19:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                [2010/11/02 19:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
                [2010/07/30 11:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Cefai\Application Data\Facebook
                [2010/08/27 20:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Cefai\Application Data\Juniper Networks
                [2010/11/04 15:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Cefai\Application Data\Spyware Terminator
                [2010/08/27 20:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Cefai\Application Data\uTorrent
                 
                ========== Purity Check ==========
                 
                 
                 
                ========== Custom Scans ==========
                 
                 
                < %SYSTEMDRIVE%\*.exe >
                 
                < %systemroot%\*. /mp /s >
                 
                < c:\$recycle.bin\*.* /s >
                 
                < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-04 12:20:25
                 
                 
                < MD5 for: AGP440.SYS  >
                [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
                [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
                [2010/05/08 07:40:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
                [2010/05/08 07:40:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
                [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
                [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
                [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
                [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
                 
                < MD5 for: ATAPI.SYS  >
                [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
                [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
                [2010/05/08 07:40:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
                [2010/05/08 07:40:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
                [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
                [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
                [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
                [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
                [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
                [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
                 
                < MD5 for: AUTOCHK.EXE  >
                [2008/04/14 00:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
                [2008/04/14 00:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
                [2008/04/14 00:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
                [2004/08/04 04:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
                 
                < MD5 for: BEEP.SYS  >
                [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
                [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
                 
                < MD5 for: EVENTLOG.DLL  >
                [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
                [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
                [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
                [2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
                 
                < MD5 for: EXPLORER.EXE  >
                [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
                [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
                [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
                [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
                 
                < MD5 for: IMM32.DLL  >
                [2008/04/14 00:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
                [2008/04/14 00:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
                [2008/04/14 00:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
                [2004/08/04 04:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
                 
                < MD5 for: KERNEL32.DLL  >
                [2009/03/21 13:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
                [2004/08/04 04:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
                [2009/03/21 14:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
                [2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
                [2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
                [2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
                [2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
                [2008/04/14 00:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
                [2008/04/14 00:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
                [2009/03/21 13:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
                 
                < MD5 for: MSWSOCK.DLL  >
                [2008/06/20 17:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
                [2008/06/20 17:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
                [2004/08/04 04:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
                [2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
                [2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
                [2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
                [2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
                [2008/04/14 00:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
                [2008/04/14 00:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
                [2008/06/20 17:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
                 
                < MD5 for: NDIS.SYS  >
                [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
                [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: packupdate107_231.exe - amongst others
                « Reply #13 on: November 08, 2010, 01:12:02 PM »
                Do you have the second log?
                The OTL log shows you only have 3.40 Gb Free Space | 6.44% of Space Free. You should have at least 15% in order for your computer to function properly. This would be 8 Gb for your hard drive. You can check your progress by right-clicking on your C: drive and selecting Properties. I'm surprised that the computer is not crashing all the time. You will need to find some way of freeing up some space. Try transferring some files/folders/pictures to another drive. Remove/Uninstall any programs that you're not using. You can start by uninstalling HJT.

                Windows 8 and Windows 10 dual boot with two SSD's