XP 2012 Virus/Trojan
-
22-06-2011 01:24PM
I clicked onto a website that appears to have automatically downloaded a trojan virus onto my computer. It looks like a Windows XP programme that claims it is scanning for viruses and that I have to download a registered update of a virus removal programme. (see screens)
Now I've obviously done the Google thing, but I'm hesitant to use a method from another forum I've never used, hence asking here. Could anyone direct me towards removing this please? I have Microsoft Security Essentials and it has picked it up but is unable to remove it.
I'm running XP on a Compaq laptop.
Comments
-
- Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here.
-
I did that. It only gave me one .txt file.
Here it is:
OTL logfile created on: 22/06/2011 16:44:57 - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.98 Mb Total Physical Memory | 566.13 Mb Available Physical Memory | 55.83% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.17% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 15.81 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 4.45 Gb Free Space | 59.79% Space Free | Partition Type: FAT32
Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
SRV - File not found [Auto | Stopped] -- -- (asp.net)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmail.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
[2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
[2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
[2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2010/08/11 23:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {AAE725F3-298B-4FEF-82EE-FAF909639409} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [3599296444] C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell - "" = AutoRun
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\Auto\command - "" = E:\asp.net
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
========== Files/Folders - Created Within 30 Days ==========
[2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
[2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
[2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
[2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
[2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
[2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
[2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
[2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
[2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/22 16:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
[2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 16:39:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/22 16:36:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/22 16:36:06 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 16:36:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 16:36:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
[2011/06/22 16:34:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 16:34:26 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 04:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
[2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/15 01:42:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/14 23:54:08 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
[2011/06/10 16:46:29 | 000,022,715 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
[2011/05/31 02:01:30 | 000,311,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/22 16:34:26 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/22 03:14:39 | 000,055,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 02:29:12 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
[2011/06/22 01:58:17 | 000,156,177 | ---- | C] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/16 17:44:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:47 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/10 16:46:28 | 000,022,715 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
[2011/05/31 02:01:11 | 000,311,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
[2011/03/13 19:43:25 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/09/29 21:21:35 | 000,002,023 | ---- | C] () -- C:\WINDOWS\CTREBOOT.INI
[2010/09/29 01:53:18 | 000,643,072 | ---- | C] () -- C:\Program Files\RipIt4Me.exe
[2010/09/29 00:53:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/09/29 00:53:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/09/29 00:53:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/09/21 00:57:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/09/17 16:25:56 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
[2010/08/12 11:59:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/12 08:35:05 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 23:03:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 23:03:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/11 23:03:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/11 23:03:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 23:03:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/27 02:48:05 | 001,332,417 | ---- | C] () -- C:\Program Files\quickwiper_wizard.exe
[2010/06/24 20:46:33 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\pl5sdg.dat
[2010/06/10 03:19:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\qcopjv.dat
[2010/06/04 02:57:48 | 000,234,966 | ---- | C] () -- C:\Program Files\REST2514.EXE
[2010/06/04 02:31:44 | 001,509,888 | ---- | C] () -- C:\Program Files\DiskDigger.exe
[2010/03/12 01:29:32 | 010,428,143 | ---- | C] () -- C:\Program Files\FreenetInstaller-1241.exe
[2010/02/26 12:45:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\urhtps.dat
[2009/12/17 06:24:59 | 008,834,504 | ---- | C] () -- C:\Program Files\RMSetup.exe
[2009/12/17 06:08:47 | 008,486,872 | ---- | C] () -- C:\Program Files\FCTBSetup.exe
[2009/11/10 20:07:37 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2009/11/09 05:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/11/09 05:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/09 05:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
[2009/11/09 05:50:05 | 000,759,917 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/07 23:28:37 | 000,000,402 | ---- | C] () -- C:\Program Files\ResHacker.ini
[2009/11/07 23:28:06 | 000,014,781 | ---- | C] () -- C:\Program Files\Dialogs.def
[2009/11/07 23:28:05 | 000,881,664 | ---- | C] () -- C:\Program Files\ResHacker.exe
[2009/11/07 23:27:45 | 000,554,899 | ---- | C] () -- C:\Program Files\reshack.zip
[2009/11/07 23:20:43 | 000,108,395 | ---- | C] () -- C:\Program Files\ZapMessenger.zip
[2009/05/19 22:54:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
[2009/05/18 02:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/01 02:40:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\_id.dat
[2009/01/09 08:16:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/12 05:11:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/05 21:27:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2008/05/08 03:54:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008/05/08 03:41:02 | 000,090,696 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2008/05/08 03:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2008/04/26 16:23:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 19:47:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
[2008/04/23 19:47:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
[2008/04/23 19:46:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2008/04/23 17:31:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/23 17:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/23 17:03:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/23 16:59:27 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/23 16:51:18 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/03/15 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/03/15 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 20:00:00 | 000,497,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 20:00:00 | 000,086,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/03/16 04:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/19 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/06/25 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/07/02 05:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/05/11 02:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/06/25 05:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/06/25 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/09/27 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/09/16 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/09/17 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/29 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/22 21:30:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/11/22 21:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
[2010/07/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2010/09/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Broad Intelligence
[2009/01/09 08:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
[2010/09/22 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
[2009/01/13 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\foobar2000
[2008/12/15 02:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
[2009/11/12 04:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Java
[2010/05/15 05:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2008/09/14 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
[2008/05/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2008/06/25 05:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2008/07/28 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
[2009/07/07 02:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2009/05/18 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2008/06/25 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010/09/22 21:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Publish Providers
[2010/09/29 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RipIt4Me
[2010/09/22 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2010/12/15 20:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2010/09/29 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
[2011/06/22 16:39:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/22 16:36:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-User-Startup.job
[2011/06/22 16:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\User\Desktop\01 Intro PCP.avi:TOC.WMV
< End of report >
[code]OTL logfile created on: 22/06/2011 16:44:57 - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.98 Mb Total Physical Memory | 566.13 Mb Available Physical Memory | 55.83% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.17% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 15.81 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 4.45 Gb Free Space | 59.79% Space Free | Partition Type: FAT32
Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
SRV - File not found [Auto | Stopped] -- -- (asp.net)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmail.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
[2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
[2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
[2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2010/08/11 23:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {AAE725F3-298B-4FEF-82EE-FAF909639409} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [3599296444] C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell - "" = AutoRun
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\Auto\command - "" = E:\asp.net
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
========== Files/Folders - Created Within 30 Days ==========
[2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
[2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
[2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
[2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
[2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
[2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
[2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
[2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
[2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/22 16:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
[2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 16:39:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/22 16:36:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/22 16:36:06 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 16:36:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 16:36:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
[2011/06/22 16:34:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 16:34:26 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 04:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
[2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeS
0 -
Open OTL and paste this into the custom scan/fixes box at the bottom:
:OTL
SRV - File not found [Auto | Stopped] -- -- (asp.net)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {AAE725F3-298B-4FEF-82EE-FAF909639409} - No CLSID value found.
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O4 - HKCU..\Run: [3599296444] C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell - "" = AutoRun
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\Auto\command - "" = E:\asp.net
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell - "" = AutoRun
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
[2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
[2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
[2011/06/22 02:29:12 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
Cn911.exe /s /alldrives
C:\kcf.exe /s
C:\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 /s
:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Click Run Fix. Reboot the PC.
Open OTL again, click Quick Scan, and post that log here.
0 -
After the reboot it appears to be gone. The fake scan popups had been opening up anytime I tried opening a programme. They haven't appeared.
This log opened after the reboot:
All processes killed
========== OTL ==========
Service asp.net stopped successfully!
Service asp.net deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAE725F3-298B-4FEF-82EE-FAF909639409}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAE725F3-298B-4FEF-82EE-FAF909639409}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\3599296444 deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
File E:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
File E:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
File E:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
File E:\asp.net not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
File E:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
File E:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
File C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe not found.
File C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 not found.
File C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 not found.
File C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
Cn911.exe not found in C:\
C:\_OTL\MovedFiles\06222011_174518\C_Documents and Settings\User\Local Settings\Application Data\kcf.exe moved successfully.
C:\_OTL\MovedFiles\06222011_174518\C_Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
C:\_OTL\MovedFiles\06222011_174518\C_Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
C:\Documents and Settings\User\Templates\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Account 1
->Flash cache emptied: 330374 bytes
User: Administrator
User: Administrator.USER-8368896966
->Flash cache emptied: 864 bytes
User: All Users
User: Default User
->Flash cache emptied: 41620 bytes
User: Guest
->Flash cache emptied: 185780 bytes
User: LocalService
User: NetworkService
User: User
->Flash cache emptied: 2060847 bytes
Total Flash Files Cleaned = 2.00 mb
[EMPTYTEMP]
User: Account 1
->Temp folder emptied: 3653562 bytes
->Temporary Internet Files folder emptied: 9650338 bytes
->Java cache emptied: 19916762 bytes
->FireFox cache emptied: 106114382 bytes
->Flash cache emptied: 0 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Administrator.USER-8368896966
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16500313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39504470 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 112094 bytes
User: NetworkService
->Temp folder emptied: 1206412 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: User
->Temp folder emptied: 801479877 bytes
->Temporary Internet Files folder emptied: 142570208 bytes
->Java cache emptied: 451539 bytes
->FireFox cache emptied: 54048536 bytes
->Opera cache emptied: 2866069 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10838 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 173230461 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 2046705449 bytes
Total Files Cleaned = 3,260.00 mb
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.24.1 log created on 06222011_174518
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF18A9.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF18B8.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF197A.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF1A02.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF1B16.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF1B5C.tmp not found!
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Y8K01OUF\showthread[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
This is what I got after the scan:
OTL logfile created on: 22/06/2011 17:56:56 - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.98 Mb Total Physical Memory | 544.13 Mb Available Physical Memory | 53.66% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 18.74 Gb Free Space | 16.77% Space Free | Partition Type: NTFS
Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/06/22 17:51:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKslc8495e60.sys -- (MpKslc8495e60)
DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmail.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
[2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
[2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
[2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2011/06/22 17:48:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/22 17:45:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 17:38:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/06/22 17:32:01 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
[2011/06/22 17:25:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
[2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
[2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
[2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
[2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
[2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
[2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
[2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
[2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
[2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
========== Files - Modified Within 30 Days ==========
[2011/06/22 18:01:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
[2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/22 17:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 17:53:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/22 17:53:14 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 17:53:14 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
[2011/06/22 17:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 17:50:54 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 17:48:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/22 17:38:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/06/22 17:36:25 | 001,007,120 | ---- | M] () -- C:\iExplore.exe
[2011/06/22 17:35:47 | 001,007,120 | ---- | M] () -- C:\rkill.com
[2011/06/22 17:32:13 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
[2011/06/22 17:27:52 | 000,513,320 | ---- | M] () -- C:\erunt.zip
[2011/06/22 17:25:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
[2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/15 01:42:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/14 23:54:08 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
[2011/06/10 16:46:29 | 000,022,715 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
[2011/05/31 02:01:30 | 000,311,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
========== Files Created - No Company Name ==========
[2011/06/22 17:36:12 | 001,007,120 | ---- | C] () -- C:\iExplore.exe
[2011/06/22 17:35:35 | 001,007,120 | ---- | C] () -- C:\rkill.com
[2011/06/22 17:27:19 | 000,513,320 | ---- | C] () -- C:\erunt.zip
[2011/06/22 16:34:26 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/22 03:14:39 | 000,055,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 01:58:17 | 000,156,177 | ---- | C] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/16 17:44:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:47 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/10 16:46:28 | 000,022,715 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
[2011/05/31 02:01:11 | 000,311,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
[2011/03/13 19:43:25 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/09/29 21:21:35 | 000,002,023 | ---- | C] () -- C:\WINDOWS\CTREBOOT.INI
[2010/09/29 01:53:18 | 000,643,072 | ---- | C] () -- C:\Program Files\RipIt4Me.exe
[2010/09/29 00:53:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/09/29 00:53:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/09/29 00:53:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/09/21 00:57:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/09/17 16:25:56 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
[2010/08/12 11:59:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/12 08:35:05 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 23:03:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 23:03:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/11 23:03:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/11 23:03:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 23:03:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/27 02:48:05 | 001,332,417 | ---- | C] () -- C:\Program Files\quickwiper_wizard.exe
[2010/06/24 20:46:33 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\pl5sdg.dat
[2010/06/10 03:19:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\qcopjv.dat
[2010/06/04 02:57:48 | 000,234,966 | ---- | C] () -- C:\Program Files\REST2514.EXE
[2010/06/04 02:31:44 | 001,509,888 | ---- | C] () -- C:\Program Files\DiskDigger.exe
[2010/03/12 01:29:32 | 010,428,143 | ---- | C] () -- C:\Program Files\FreenetInstaller-1241.exe
[2010/02/26 12:45:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\urhtps.dat
[2009/12/17 06:24:59 | 008,834,504 | ---- | C] () -- C:\Program Files\RMSetup.exe
[2009/12/17 06:08:47 | 008,486,872 | ---- | C] () -- C:\Program Files\FCTBSetup.exe
[2009/11/10 20:07:37 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2009/11/09 05:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/11/09 05:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/09 05:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
[2009/11/09 05:50:05 | 000,759,917 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/07 23:28:37 | 000,000,402 | ---- | C] () -- C:\Program Files\ResHacker.ini
[2009/11/07 23:28:06 | 000,014,781 | ---- | C] () -- C:\Program Files\Dialogs.def
[2009/11/07 23:28:05 | 000,881,664 | ---- | C] () -- C:\Program Files\ResHacker.exe
[2009/11/07 23:27:45 | 000,554,899 | ---- | C] () -- C:\Program Files\reshack.zip
[2009/11/07 23:20:43 | 000,108,395 | ---- | C] () -- C:\Program Files\ZapMessenger.zip
[2009/05/19 22:54:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
[2009/05/18 02:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/01 02:40:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\_id.dat
[2009/01/09 08:16:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/12 05:11:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/05 21:27:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2008/05/08 03:54:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008/05/08 03:41:02 | 000,090,696 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2008/05/08 03:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2008/04/26 16:23:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 19:47:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
[2008/04/23 19:47:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
[2008/04/23 19:46:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2008/04/23 17:31:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/23 17:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/23 17:03:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/23 16:59:27 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/23 16:51:18 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 20:00:00 | 000,497,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 20:00:00 | 000,086,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/03/16 04:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/19 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/06/25 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/07/02 05:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/05/11 02:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/06/25 05:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/06/25 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/09/27 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/09/16 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/09/17 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/29 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/22 21:30:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/11/22 21:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
[2010/07/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2010/09/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Broad Intelligence
[2009/01/09 08:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
[2010/09/22 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
[2009/01/13 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\foobar2000
[2008/12/15 02:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
[2009/11/12 04:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Java
[2010/05/15 05:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2008/09/14 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
[2008/05/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2008/06/25 05:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2008/07/28 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
[2009/07/07 02:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2009/05/18 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2008/06/25 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010/09/22 21:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Publish Providers
[2010/09/29 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RipIt4Me
[2010/09/22 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2010/12/15 20:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2010/09/29 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
[2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-User-Startup.job
[2011/06/22 18:01:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\User\Desktop\01 Intro PCP.avi:TOC.WMV
< End of report >
-
Looks good.
Update MBAM, run a quick scan, fix anything it finds, and post that log here.
-
This is the MBAM log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6920
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/06/2011 20:06:11
mbam-log-2011-06-22 (20-06-06).txt
Scan type: Quick scan
Objects scanned: 205996
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 124
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAE725F3-298B-4FEF-82EE-FAF909639409} (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Value: 24d1ca9a-a864-4f7b-86fe-495eb56529d8 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Value: 7bde84a2-f58f-46ec-9eac-f1f90fead080 -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\User\application data\wiaserva.log (Malware.Trace) -> No action taken.
c:\documents and settings\User\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
c:\documents and settings\User\application data\Adobe\plugs\mmc242.exe (Trojan.Agent.Gen) -> No action taken.
Under "Files infected" there was a load of stuff like this (which I didn't post, obv): c:\WINDOWS\system32\cock\user@www.imdb[1].txt (Stolen.Data) -> No action taken.
Is it safe to remove those "Malware Trace and Trojan Agent" things? I recall using MBAM last year and I had removed everything kinda ham-fisted and in the process crashed my computer and got BSOD because it removed something I needed!
Thanks again for the help.
-
Yes, you can remove those, it should be perfectly safe.
Then open OTL, click the None button at the top, and paste this in the Custom Scans/Fixes box:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
c:\documents and settings\User\application data\*.*
c:\documents and settings\User\application data\Adobe\shed\*.*
c:\documents and settings\User\application data\Adobe\plugs\*.*
Click Run Scan and post the log it gives.
-
Thanks again.
Here's the log after I removed those files/register keys:
OTL logfile created on: 22/06/2011 22:24:45 - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.98 Mb Total Physical Memory | 76.60 Mb Available Physical Memory | 7.55% Memory free
2.38 Gb Paging File | 1.27 Gb Available in Paging File | 53.43% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 19.46 Gb Free Space | 17.41% Space Free | Partition Type: NTFS
Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/04/29 23:22:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/06/22 17:51:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKslc8495e60.sys -- (MpKslc8495e60)
DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmail.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
[2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
[2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
[2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
[2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2011/06/22 17:48:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/22 19:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/22 19:30:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/22 19:29:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/22 17:45:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 17:38:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/06/22 17:32:01 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
[2011/06/22 17:25:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
[2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
[2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
[2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
[2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
[2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
[2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
[2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
[2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
[2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
========== Files - Modified Within 30 Days ==========
[2011/06/22 22:31:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
[2011/06/22 22:23:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hpalv.sys
[2011/06/22 21:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/22 17:53:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/22 17:53:14 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 17:53:14 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
[2011/06/22 17:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 17:50:54 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 17:48:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/22 17:38:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/06/22 17:36:25 | 001,007,120 | ---- | M] () -- C:\iExplore.exe
[2011/06/22 17:35:47 | 001,007,120 | ---- | M] () -- C:\rkill.com
[2011/06/22 17:32:13 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
[2011/06/22 17:27:52 | 000,513,320 | ---- | M] () -- C:\erunt.zip
[2011/06/22 17:25:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
[2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
[2011/06/15 01:42:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/14 23:54:08 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
[2011/06/10 16:46:29 | 000,022,715 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
[2011/05/31 02:01:30 | 000,311,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/06/22 22:23:28 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpalv.sys
[2011/06/22 17:36:12 | 001,007,120 | ---- | C] () -- C:\iExplore.exe
[2011/06/22 17:35:35 | 001,007,120 | ---- | C] () -- C:\rkill.com
[2011/06/22 17:27:19 | 000,513,320 | ---- | C] () -- C:\erunt.zip
[2011/06/22 16:34:26 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/22 03:14:39 | 000,055,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
[2011/06/22 03:14:20 | 000,049,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
[2011/06/22 01:58:17 | 000,156,177 | ---- | C] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
[2011/06/16 17:44:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
[2011/06/16 14:47:47 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
[2011/06/10 16:46:28 | 000,022,715 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
[2011/05/31 02:01:11 | 000,311,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
[2011/03/13 19:43:25 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/09/29 21:21:35 | 000,002,023 | ---- | C] () -- C:\WINDOWS\CTREBOOT.INI
[2010/09/29 01:53:18 | 000,643,072 | ---- | C] () -- C:\Program Files\RipIt4Me.exe
[2010/09/29 00:53:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/09/29 00:53:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/09/29 00:53:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/09/21 00:57:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/09/17 16:25:56 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
[2010/08/12 11:59:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/12 08:35:05 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 23:03:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 23:03:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/11 23:03:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/11 23:03:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 23:03:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/27 02:48:05 | 001,332,417 | ---- | C] () -- C:\Program Files\quickwiper_wizard.exe
[2010/06/24 20:46:33 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\pl5sdg.dat
[2010/06/10 03:19:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\qcopjv.dat
[2010/06/04 02:57:48 | 000,234,966 | ---- | C] () -- C:\Program Files\REST2514.EXE
[2010/06/04 02:31:44 | 001,509,888 | ---- | C] () -- C:\Program Files\DiskDigger.exe
[2010/03/12 01:29:32 | 010,428,143 | ---- | C] () -- C:\Program Files\FreenetInstaller-1241.exe
[2010/02/26 12:45:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\urhtps.dat
[2009/12/17 06:24:59 | 008,834,504 | ---- | C] () -- C:\Program Files\RMSetup.exe
[2009/12/17 06:08:47 | 008,486,872 | ---- | C] () -- C:\Program Files\FCTBSetup.exe
[2009/11/10 20:07:37 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2009/11/09 05:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/11/09 05:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/09 05:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
[2009/11/09 05:50:05 | 000,759,917 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/07 23:28:37 | 000,000,402 | ---- | C] () -- C:\Program Files\ResHacker.ini
[2009/11/07 23:28:06 | 000,014,781 | ---- | C] () -- C:\Program Files\Dialogs.def
[2009/11/07 23:28:05 | 000,881,664 | ---- | C] () -- C:\Program Files\ResHacker.exe
[2009/11/07 23:27:45 | 000,554,899 | ---- | C] () -- C:\Program Files\reshack.zip
[2009/11/07 23:20:43 | 000,108,395 | ---- | C] () -- C:\Program Files\ZapMessenger.zip
[2009/05/19 22:54:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
[2009/05/18 02:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/01 02:40:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\_id.dat
[2009/01/09 08:16:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/12 05:11:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/05 21:27:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2008/05/08 03:54:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008/05/08 03:41:02 | 000,090,696 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2008/05/08 03:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2008/04/26 16:23:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 19:47:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
[2008/04/23 19:47:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
[2008/04/23 19:46:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2008/04/23 17:31:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/23 17:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/23 17:03:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/23 16:59:27 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/23 16:51:18 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 20:00:00 | 000,497,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 20:00:00 | 000,086,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/03/16 04:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/19 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/06/25 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/07/02 05:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/05/11 02:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/06/25 05:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/06/25 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/09/27 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/09/16 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/09/17 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/29 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/22 21:30:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/11/22 21:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
[2010/07/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2010/09/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Broad Intelligence
[2009/01/09 08:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
[2010/09/22 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
[2009/01/13 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\foobar2000
[2008/12/15 02:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
[2009/11/12 04:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Java
[2010/05/15 05:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2008/09/14 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
[2008/05/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2008/06/25 05:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2008/07/28 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
[2009/07/07 02:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2009/05/18 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2008/06/25 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010/09/22 21:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Publish Providers
[2010/09/29 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RipIt4Me
[2010/09/22 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2010/12/15 20:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2010/09/29 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
[2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-User-Startup.job
[2011/06/22 22:31:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command /s >
"" = firefox.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command /s >
"" = firefox.exe -safe-mode
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >
"" = iexplore.exe
< c:\documents and settings\User\application data\*.* >
[2008/04/23 17:30:37 | 000,000,062 | -HS- | M] () -- c:\Documents and Settings\User\Application Data\desktop.ini
[2010/09/29 00:53:48 | 000,087,608 | ---- | M] () -- c:\Documents and Settings\User\Application Data\inst.exe
[2010/09/29 00:53:47 | 000,007,887 | ---- | M] () -- c:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/09/29 00:53:47 | 000,001,144 | ---- | M] () -- c:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/09/29 00:54:04 | 000,000,034 | ---- | M] () -- c:\Documents and Settings\User\Application Data\pcouffin.log
[2010/09/29 00:53:47 | 000,047,360 | ---- | M] (VSO Software) -- c:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/06/10 03:19:35 | 000,000,012 | ---- | M] () -- c:\Documents and Settings\User\Application Data\qcopjv.dat
[2009/12/17 06:33:12 | 000,002,481 | ---- | M] () -- c:\Documents and Settings\User\Application Data\ReplayMusicLog.log
< c:\documents and settings\User\application data\Adobe\shed\*.* >
< c:\documents and settings\User\application data\Adobe\plugs\*.* >
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\User\Desktop\01 Intro PCP.avi:TOC.WMV
< End of report >
-
Delete this file
c:\Documents and Settings\User\Application Data\qcopjv.dat
then open OTL, click the cleanup button, and you should be all done if there are no other issues
-
Thank you very much for the help.
-
Looks good.
Update MBAM, run a quick scan, fix anything it finds, and post that log here.
Hi ASJ,
Same issue on my laptop as with ButchCassidy. Can you have a look at the attached files and let me know if a similar fix (tried the fix above but no joy) can be employed? Exact same issue, never got a chance to prevent the download from myptop.eu.
Otl notepad
OTL logfile created on: 17/07/2011 17:16:55 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.82% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 85.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 131.95 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
Drive| 1.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 996.72 Mb Total Space | 498.97 Mb Free Space | 50.06% Space Free | Partition Type: FAT
Computer Name: xxxxxxxx | User Name: xxxx | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/17 16:49:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/07/16 15:14:24 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
PRC - [2010/02/09 00:05:56 | 000,227,560 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\Dell Latitude ON Flash\config\BTFAgent.exe
PRC - [2010/01/25 15:28:56 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/01/15 18:41:28 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 22:53:48 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/14 21:50:06 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/14 20:47:22 | 000,158,592 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/14 09:42:26 | 000,495,711 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/01/14 09:41:42 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/12/29 22:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/18 22:09:30 | 000,176,128 | ---- | M] (Ericsson AB) -- C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
PRC - [2009/12/10 19:12:38 | 001,338,144 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/12/08 18:08:34 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA015Mon.exe
PRC - [2009/11/24 21:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/02 17:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/07/08 23:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/04/16 05:11:06 | 000,746,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2009/02/01 01:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/07/17 16:49:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
========== Driver Services (SafeList) ==========
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.euro.dell.com/support/index.aspx?c=ie&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BTFAgent] C:\Program Files\Dell Latitude ON Flash\config\BTFAgent.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BTFWelcome] C:\Program Files\Dell Latitude ON Flash\config\BTFWelcome.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OA015Mon] C:\WINDOWS\OA015Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [4013818410] C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe ()
O4 - HKCU..\Run: [WirelessManager] C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 22:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{561b3f36-c739-11df-b365-028037ec0200}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
========== Files/Folders - Created Within 30 Days ==========
[2011/07/07 22:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\S60
[2011/07/07 21:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Audi Q3 and 5
[2011/07/06 09:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Alfa Romeo
[2011/06/22 10:42:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/17 17:18:21 | 000,475,520 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/17 17:18:21 | 000,083,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
[2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
[2011/07/17 17:14:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\WavXMapDrive.bat
[2011/07/17 17:14:17 | 000,247,299 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/07/17 17:14:17 | 000,244,353 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/07/17 17:14:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 17:13:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 17:13:33 | 2136,887,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 16:45:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/16 15:14:24 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
[2011/07/16 15:14:23 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
[2011/07/15 19:56:55 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2011/07/14 11:04:15 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 00:24:28 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 21:10:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 14:12:52 | 000,244,353 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/06/21 12:22:45 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Access 2007.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/16 15:14:24 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
[2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
[2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
[2011/07/16 15:14:23 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
[2010/12/11 19:14:47 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/22 14:07:05 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2010/09/21 16:38:06 | 000,222,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/21 15:53:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\WavXMapDrive.bat
[2010/09/21 15:48:48 | 000,019,400 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/05/15 15:33:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/05/15 15:29:33 | 001,589,414 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/15 15:27:34 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/15 13:08:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/15 12:52:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/05/15 12:52:58 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/05/15 12:52:58 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/05/15 12:50:55 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2010/05/15 12:50:55 | 000,206,216 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll
[2010/05/15 12:50:48 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2010/05/15 12:40:35 | 000,244,353 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/20 02:03:12 | 001,731,176 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/20 02:03:12 | 001,657,448 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/20 02:03:12 | 001,612,392 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/20 02:03:12 | 001,108,584 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/20 02:03:12 | 000,510,568 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/02/20 02:03:12 | 000,473,704 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/20 02:03:12 | 000,449,128 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/11/19 21:47:10 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/11/18 21:21:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-HK.dll
[2009/11/18 21:21:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sl.dll
[2009/11/18 21:21:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_th.dll
[2009/11/18 21:21:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sk.dll
[2009/11/18 21:21:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hr.dll
[2009/11/18 21:20:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/11/18 21:20:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/11/18 21:20:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/11/18 21:20:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/11/18 21:20:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/11/18 21:20:50 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/11/18 21:20:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/11/18 21:20:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/11/18 21:20:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/11/18 21:20:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/11/18 21:20:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/11/18 21:20:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/11/18 21:20:40 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/11/18 21:20:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/11/18 21:20:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/11/18 21:20:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/11/18 21:20:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/11/18 21:20:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/11/18 21:20:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/11/18 21:20:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/11/18 21:20:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/11/18 21:20:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/11/18 21:20:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/11/18 21:20:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/11/13 14:17:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2009/11/06 21:27:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2009/08/26 22:25:08 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2008/05/27 03:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 03:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 22:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 22:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 22:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 17:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 17:16:22 | 000,475,520 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 17:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 17:16:22 | 000,083,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 17:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 17:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 17:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 17:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 17:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 17:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 17:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 17:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 10:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 10:21:52 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 15:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 16:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 16:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 16:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/30 18:58:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 18:58:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 14:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
========== LOP Check ==========
[2010/05/15 12:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2010/11/17 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/05/15 12:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/05/15 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/15 12:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/05/15 13:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Broadcom
[2010/05/15 12:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Wave Systems Corp
[2010/05/15 12:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2010/09/21 15:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2010/05/15 13:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WirelessManager
========== Purity Check ==========
< End of report >
Otl extras
OTL Extras logfile created on: 17/07/2011 17:16:55 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.82% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 85.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 131.95 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
Drive| 1.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 996.72 Mb Total Space | 498.97 Mb Free Space | 50.06% Space Free | Partition Type: FAT
Computer Name: xxxxxx | User Name: user | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe ()
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"12345:TCP" = 12345:TCP:*:Enabled:Trend Micro OfficeScan Listener
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{259BD7B2-490E-4773-A159-284912544111}" = Dell Latitude ON Configuration Utility Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{314E5785-BD81-47FD-9D6B-5C3CD31B351B}" = Dell ControlPoint System Manager
"{33F0BD6D-49B0-4030-8940-0FD0414DD9CB}" = Dell Control Point
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49DFA1BB-F417-491C-9457-F483CC98678C}" = SO32MMWrapper
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A7F4379-B2EE-444F-AC4A-C5379B1CF95E}" = Dell ControlVault Host Components Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5D035A-B5B8-41DC-8F00-C133BA21AD4E}" = DCP32MMWrapper
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B83E30A9-A744-4C55-BF55-33CA9FCB62C1}" = Wave Infrastructure Installer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Creative OA015" = Integrated Webcam Driver (1.00.07.1208)
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card Utility" = DW WLAN Card Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
any help appreciated.
-
Open OTL and paste this in the custom scan/fixes box:
:OTL
O33 - MountPoints2\{561b3f36-c739-11df-b365-028037ec0200}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
O4 - HKCU..\Run: [4013818410] C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe ()
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
[2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
[2011/07/16 15:14:24 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
[2011/07/16 15:14:23 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
[2011/07/16 15:14:24 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
[2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
[2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
[2011/07/16 15:14:23 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
type C:\Documents and Settings\user\Local Settings\Application Data\WavXMapDrive.bat /c
Click Run Fix.
Then run ComboFix and post its log here:
http://www.bleepingcomputer.com/download/anti-virus/combofix
-
Hi ASJ,
Thanks for the help.
I went through Biko's thread before your reply as it was similar. I had a lot of difficulty getting safe mode etc. but managed to delete both executables, using Task Manager to stop the program running. However, do I need to delete the 0u8voj551t25n7h1juq file as well?
Am trying out your fix as we speak.
-
Yep, I would delete it.
If the OTL script works and there are no issues then leave the ComboFix step.
-
Hi ASJ,
Done as per the OTL fix, left Combo. Many thanks, a bit clearer on the perils of malware, never slag my father again for clicking on the download button! These malware guys and gals are getting sophisticated, download is just a click on a play live stream football video button.
-
Hi Folks ... I got infected with the same problem last night .. any help much appreciated.
Ran rkill and Malwarebytes and that removed 8 infections, but the little Warning Shield icon still remains in the icon tray beside the clock so I know I'm not clean.
OTL file as follows:
OTL logfile created on: 25/07/2011 09:54:22 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ray\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.56% Memory free
3.33 Gb Paging File | 2.57 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.38 Gb Free Space | 43.63% Space Free | Partition Type: NTFS
Computer Name: L3T7456 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
PRC - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2011/04/18 17:22:00 | 000,369,664 | ---- | M] (IBM Corp.) -- c:\sdwork\issimgui.exe
PRC - [2011/02/21 16:57:04 | 000,294,168 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
PRC - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
PRC - [2011/02/03 16:51:40 | 001,432,800 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2010/10/27 11:45:48 | 000,184,371 | ---- | M] () -- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.25\pmonmh.exe
PRC - [2010/09/30 11:47:53 | 000,010,752 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
PRC - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) -- c:\notes\nsd.exe
PRC - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe
PRC - [2010/02/08 11:19:02 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
PRC - [2010/02/04 16:05:30 | 000,110,592 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200904080758\jre\bin\sametime80w.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe
PRC - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
PRC - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- c:\notes\ntmulti.exe
PRC - [2009/09/29 11:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
PRC - [2009/04/02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/10/09 23:37:58 | 000,180,224 | ---- | M] () -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.1.200810091628\win32\x86\eclipse.exe
PRC - [2008/09/03 15:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2007/05/17 11:50:16 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/05/17 11:46:44 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/05/17 11:41:20 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/01/30 13:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
PRC - [2006/10/20 10:01:30 | 002,107,392 | ---- | M] (VoiceRite, Inc) -- C:\Program Files\VoiceRite\Client\Viewer.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/05/30 01:00:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/02/14 01:00:00 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 10:07:18 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
PRC - [2005/07/05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
========== Modules (SafeList) ==========
MOD - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/02/14 01:00:00 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (NetCfgSvr)
SRV - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1)
SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/09/06 10:07:18 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv)
SRV - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
========== Driver Services (SafeList) ==========
DRV - [2011/07/25 09:00:08 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SMR200.SYS -- (SMR200)
DRV - [2011/05/18 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 18:07:10 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20110720.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/02/22 11:55:54 | 000,006,400 | ---- | M] (IBM Corp.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\isamfilter.sys -- (IsamFilter)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/10/07 12:41:44 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/10/07 12:41:24 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/10/07 12:05:12 | 000,219,776 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/12/22 12:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/15 03:00:20 | 000,055,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/08/07 17:02:18 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/08/07 17:02:14 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2006/08/07 17:02:02 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/08/07 17:01:56 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/08/03 02:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/03 02:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/01 20:04:00 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/08/01 20:00:34 | 000,851,706 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/08/01 19:58:12 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/08/01 19:57:26 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/08/01 19:54:32 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/07/21 01:00:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/26 01:00:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/06 10:07:18 | 001,286,560 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
DRV - [2005/09/06 10:07:18 | 000,195,872 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
DRV - [2005/09/06 10:07:18 | 000,160,288 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
DRV - [2005/09/06 10:07:18 | 000,120,192 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
DRV - [2005/09/06 10:07:18 | 000,101,408 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
DRV - [2005/09/06 10:07:18 | 000,075,200 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
DRV - [2005/09/06 10:07:18 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
DRV - [2005/09/06 10:07:18 | 000,067,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
DRV - [2005/09/06 10:07:18 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
DRV - [2005/09/06 10:07:18 | 000,059,504 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
DRV - [2005/09/06 10:07:18 | 000,059,392 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IP)
DRV - [2005/09/06 10:07:18 | 000,058,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
DRV - [2005/09/06 10:07:18 | 000,054,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
DRV - [2005/09/06 10:07:18 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
DRV - [2005/09/06 10:07:18 | 000,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
DRV - [2005/09/06 10:07:18 | 000,050,336 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
DRV - [2005/09/06 10:07:18 | 000,038,236 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
DRV - [2005/09/06 10:07:18 | 000,036,048 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
DRV - [2005/09/06 10:07:18 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
DRV - [2005/09/06 10:07:18 | 000,022,384 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
DRV - [2005/09/06 10:07:18 | 000,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
DRV - [2005/09/06 10:07:18 | 000,019,984 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
DRV - [2005/09/06 10:07:18 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
DRV - [2005/09/06 10:07:18 | 000,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
DRV - [2005/09/06 10:07:18 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
DRV - [2005/09/06 10:07:18 | 000,012,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
DRV - [2005/09/06 10:07:18 | 000,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
DRV - [2005/09/06 10:07:18 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
DRV - [2005/09/06 10:07:18 | 000,008,608 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
DRV - [2005/09/06 10:07:18 | 000,006,784 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
DRV - [2004/06/03 18:47:26 | 000,164,224 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\abvpn2k.sys -- (ABVPN2K)
DRV - [2004/05/06 17:12:10 | 000,114,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ie"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:1.0
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2010/11/23 14:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 18:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 08:09:40 | 000,000,000 | ---D | M]
[2008/11/18 10:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Extensions
[2010/02/04 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse\extensions
[2008/06/23 15:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse1\extensions
[2011/06/29 16:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions
[2010/12/09 16:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/24 08:54:52 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\searchplugins\web-search.xml
[2010/09/15 15:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2010/11/23 14:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\IBM\JAVA60\JRE\LIB\DEPLOY\JQS\FF
[2011/05/10 18:06:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/10 18:06:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 18:06:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/10 18:06:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 18:06:13 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 18:06:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2 - BHO: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {00B8E20C-5C71-4C2F-85A5-6AD541500DF0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7F312B9A-208B-49FA-8218-B9AA22EC1463} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A1B2F3FA-DD1D-470B-A23E-A133B2F8EF60} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe (IBM)
O4 - HKLM..\Run: [Isamtray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.25/pmonmh.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [assistant2] C:\Program Files\VoiceRite\Client\Viewer.exe (VoiceRite, Inc)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [IBM Lotus Sametime Connect] C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\rcplauncher.exe ()
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: noDriveTypeAutorun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ibm.com ([w3] * in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://de201.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.ie/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://photos.fujipix.ie/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} https://comp.emea.workscape.com/oneforce/compplanner/master.cab (One Force Compplanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265405737920 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bluepages/scripts/lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenceservers.com/components/WDPLUGIN.CAB (Unyte Conferencing Plugin)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 () - file:///C:/Documents%20and%20Settings/ray/Desktop/camera/DSC00040.JPG
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 18:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/25 09:46:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
[2011/07/25 09:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\smkits
[2011/07/25 09:00:08 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR200.SYS
[2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Local Settings\Application Data\NPE
[2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/07/25 08:08:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/25 06:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\Malwarebytes
[2011/07/25 06:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/25 06:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/25 06:04:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/07/13 12:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Desktop\QC Defects
[2011/07/07 16:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/26 09:42:21 | 000,000,000 | -HSD | C] -- C:\found.004
[2008/04/23 12:19:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ray\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2020/02/17 20:53:24 | 000,098,304 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
[2015/04/12 05:06:12 | 000,023,552 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\PostProc.dll
[2014/05/15 04:06:28 | 002,310,144 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2014/05/15 04:06:28 | 001,503,232 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2014/05/15 04:06:28 | 000,899,706 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2014/05/15 04:06:28 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2014/05/15 04:06:28 | 000,524,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2014/05/15 04:06:28 | 000,450,560 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2014/05/15 04:06:28 | 000,214,746 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2014/05/15 04:06:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2014/05/15 04:06:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2014/05/15 04:06:28 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2014/05/15 04:06:28 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2014/05/15 04:06:28 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2014/05/15 04:06:28 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2014/05/15 04:06:28 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2014/05/15 04:06:28 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2014/05/15 04:06:28 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2014/05/15 04:06:28 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2014/05/15 04:06:28 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2014/05/15 04:06:28 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2014/05/15 04:06:28 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2014/05/15 04:06:28 | 000,119,419 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2014/05/15 04:06:28 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2014/05/15 04:06:28 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2014/05/15 04:06:28 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2014/05/15 04:06:28 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2014/05/15 04:06:28 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2014/05/15 04:06:28 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2014/05/15 04:06:28 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2014/05/15 04:06:28 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2014/05/15 04:06:28 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4450.dll
[2014/05/15 04:06:28 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
[2014/05/15 04:06:28 | 000,057,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll
[2014/05/15 04:06:28 | 000,057,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2014/05/15 04:06:28 | 000,049,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2014/05/15 04:06:28 | 000,040,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2014/05/15 04:06:28 | 000,036,990 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2014/05/15 04:06:28 | 000,025,936 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
[2014/05/15 04:06:28 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
[2011/07/25 09:29:59 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2011/07/25 09:08:19 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/07/25 09:07:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 09:02:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 09:01:07 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2011/07/25 09:00:08 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR200.SYS
[2011/07/25 08:14:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/25 08:09:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/25 06:04:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
[2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
[2011/07/24 23:53:51 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 23:53:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
[2011/07/24 21:38:16 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
[2011/07/24 16:24:57 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/07/23 22:09:48 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\ray\default.pls
[2011/07/23 21:36:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
[2011/07/14 09:02:11 | 000,350,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 08:09:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 13:33:13 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/07 16:49:32 | 000,101,148 | ---- | M] () -- C:\Documents and Settings\ray\screenshot.JPG
[2011/07/06 16:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
[2011/07/05 15:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/03 23:01:49 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/25 08:09:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/25 08:09:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/25 06:04:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/25 06:03:37 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ray\Desktop\rkill.com
[2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
[2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
[2011/07/12 13:33:13 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/07 16:49:31 | 000,101,148 | ---- | C] () -- C:\Documents and Settings\ray\screenshot.JPG
[2011/03/01 18:30:05 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2010/12/14 12:44:15 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/12/02 17:33:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2010/04/30 14:51:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\chrtmp
[2010/03/25 12:40:03 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2010/01/03 13:07:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/03 13:07:57 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/01/03 13:07:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\$_hpcst$.hpc
[2009/12/30 18:21:26 | 000,076,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 12:04:32 | 000,144,236 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/03/26 11:03:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2009/03/26 11:03:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/18 10:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/09 15:25:55 | 000,082,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2008/04/25 08:10:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
[2008/04/24 09:03:59 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/23 12:19:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\inst.exe
[2008/04/23 12:19:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.cat
[2008/04/23 12:19:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.inf
[2008/04/17 11:18:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/04/17 11:18:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2008/04/15 15:02:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/15 13:54:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/09 12:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/17 19:47:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/10/12 00:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/05/16 19:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/05/04 15:31:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/26 09:47:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/25 22:17:44 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/23 19:33:17 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/23 11:56:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007/03/21 01:24:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\brioqry6.ini
[2007/03/21 01:24:44 | 000,043,494 | ---- | C] () -- C:\WINDOWS\bqmeta0.ini
[2007/03/21 01:24:44 | 000,028,139 | ---- | C] () -- C:\WINDOWS\bqformat.ini
[2007/03/21 01:21:34 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/03/21 01:10:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2007/03/21 01:10:26 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/03/21 01:08:07 | 000,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
[2007/03/21 01:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007/03/21 01:06:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/03/21 01:05:49 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/03/21 01:05:24 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2007/03/21 01:05:23 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/03/21 01:03:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/03/21 01:00:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2007/03/21 01:00:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2007/03/20 18:17:11 | 000,000,486 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/03/20 18:08:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2006/11/29 23:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/08 00:16:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\ai63f5.exe
[2006/08/01 20:13:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/07/17 21:30:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/24 01:55:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/09/06 10:07:18 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.com
[2005/04/27 10:53:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/05 21:46:42 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/04/05 20:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2005/04/05 20:45:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2005/04/05 20:45:51 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2005/04/05 20:45:51 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\pdprDlg.dll
[2005/04/05 20:45:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\selnt.dll
[2005/04/05 20:45:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IBMMenu.dll
[2005/04/04 20:42:47 | 000,000,299 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/04 19:42:15 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/04/04 19:36:58 | 000,004,702 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/04/04 19:34:38 | 000,350,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/04 18:46:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/04/04 18:41:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,435,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,069,588 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/08 01:00:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
[2003/04/08 01:00:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2003/04/08 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2003/04/08 01:00:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2003/04/08 01:00:00 | 000,014,928 | ---- | C] () -
0 -
Can you post the MBAM log?
Open OTL, paste this in the custom scan/fixes box at the bottom:
:OTL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp -> ]
[2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
[2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
[2011/07/25 06:03:37 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ray\Desktop\rkill.com
[2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
[2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
[2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
[2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
:Commands
[EMPTYTEMP]
[PURITY]
[EMPTYFLASH]
[RESETHOSTS]
[CREATERESTOREPOINT]
Click Run Fix.
0 -
Thanks very much ASJ112... I did as you said and the report is as follows:
All processes killed
========== OTL ==========
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\ray\Local Settings\Application Data\d3d9caps.tmp deleted successfully.
C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx moved successfully.
C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx moved successfully.
C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\qcmj.exe moved successfully.
C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jupe.exe moved successfully.
C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\mgcp.exe moved successfully.
C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe moved successfully.
C:\Documents and Settings\ray\Desktop\rkill.com moved successfully.
File C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx not found.
File C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx not found.
File C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe not found.
File C:\Documents and Settings\All Users\Application Data\qcmj.exe not found.
File C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe not found.
File C:\Documents and Settings\All Users\Application Data\jupe.exe not found.
File C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe not found.
File C:\Documents and Settings\All Users\Application Data\mgcp.exe not found.
File C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 6256756 bytes
->Temporary Internet Files folder emptied: 11795919 bytes
->Flash cache emptied: 300 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 196742 bytes
->Flash cache emptied: 41920 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 55168395 bytes
->Flash cache emptied: 291 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2317232 bytes
User: ray
->Temp folder emptied: 198178726 bytes
->Temporary Internet Files folder emptied: 25641777 bytes
->Java cache emptied: 29721645 bytes
->FireFox cache emptied: 52192355 bytes
->Flash cache emptied: 1527014 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117277126 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 106320806 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 103424 bytes
Total Files Cleaned = 579.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
User: ray
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.26.1 log created on 07252011_133012
Files\Folders moved on Reboot...
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\Y38Y0C47\o2om_smscenter_new[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\RWSXIWFH\smscenter_send[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\RWSXIWFH\ssomanager[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\L2Y031MH\Home[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\2M938DVC\search[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\2M938DVC\showthread[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\295LTSBR\asp_view_month[1].htm moved successfully.
C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
In Windows Security Centre it will not let me switch on "Automatic Updates"??
0 -
Side effect of the malware probably, will deal with that later.
Can you post the MBAM log?
Open OTL, paste this in the custom scan/fixes box:
netsvcs
drivers32
activex
safebootminimal
safebootnetwork
msconfig
C:\Documents and Settings\ray\Local Settings\Application Data\*.*
C:\Documents and Settings\All Users\Application Data\*.*
Click Quick Scan and post the log it gives.
0 -
Think I deleted the MBAM log - I can't find it!
Found the answer to the Automatic Updates problem on Microsoft's help site: Start > Run > typed in regsvr32 wuaueng.dll and it turned back on.
Report from OTL...
OTL logfile created on: 25/07/2011 13:54:50 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ray\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.64% Memory free
3.33 Gb Paging File | 2.52 Gb Available in Paging File | 75.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.78 Gb Free Space | 44.33% Space Free | Partition Type: NTFS
Computer Name: L3T7456 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
PRC - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2011/02/21 16:57:04 | 000,294,168 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
PRC - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
PRC - [2011/02/03 16:51:40 | 001,432,800 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2010/10/27 11:45:48 | 000,184,371 | ---- | M] () -- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.25\pmonmh.exe
PRC - [2010/09/30 11:47:53 | 000,010,752 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
PRC - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) -- c:\notes\nsd.exe
PRC - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe
PRC - [2010/02/08 11:19:02 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
PRC - [2010/02/04 16:05:30 | 000,110,592 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200904080758\jre\bin\sametime80w.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe
PRC - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
PRC - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- c:\notes\ntmulti.exe
PRC - [2009/09/29 11:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
PRC - [2009/04/02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/10/09 23:37:58 | 000,180,224 | ---- | M] () -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.1.200810091628\win32\x86\eclipse.exe
PRC - [2008/09/03 15:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2007/05/17 11:50:16 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/05/17 11:46:44 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/05/17 11:41:20 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/01/30 13:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
PRC - [2006/10/20 10:01:30 | 002,107,392 | ---- | M] (VoiceRite, Inc) -- C:\Program Files\VoiceRite\Client\Viewer.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/05/30 01:00:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/02/14 01:00:00 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 10:07:18 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
PRC - [2005/07/05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
========== Modules (SafeList) ==========
MOD - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/02/14 01:00:00 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (NetCfgSvr)
SRV - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1)
SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/09/06 10:07:18 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv)
SRV - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
========== Driver Services (SafeList) ==========
DRV - [2011/05/18 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 18:07:10 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20110720.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/02/22 11:55:54 | 000,006,400 | ---- | M] (IBM Corp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\isamfilter.sys -- (IsamFilter)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/10/07 12:41:44 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/10/07 12:41:24 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/10/07 12:05:12 | 000,219,776 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/12/22 12:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/15 03:00:20 | 000,055,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/08/07 17:02:18 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/08/07 17:02:14 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2006/08/07 17:02:02 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/08/07 17:01:56 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/08/03 02:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/03 02:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/01 20:04:00 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/08/01 20:00:34 | 000,851,706 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/08/01 19:58:12 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/08/01 19:57:26 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/08/01 19:54:32 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/07/21 01:00:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/26 01:00:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/06 10:07:18 | 001,286,560 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
DRV - [2005/09/06 10:07:18 | 000,195,872 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
DRV - [2005/09/06 10:07:18 | 000,160,288 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
DRV - [2005/09/06 10:07:18 | 000,120,192 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
DRV - [2005/09/06 10:07:18 | 000,101,408 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
DRV - [2005/09/06 10:07:18 | 000,075,200 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
DRV - [2005/09/06 10:07:18 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
DRV - [2005/09/06 10:07:18 | 000,067,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
DRV - [2005/09/06 10:07:18 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
DRV - [2005/09/06 10:07:18 | 000,059,504 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
DRV - [2005/09/06 10:07:18 | 000,059,392 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IP)
DRV - [2005/09/06 10:07:18 | 000,058,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
DRV - [2005/09/06 10:07:18 | 000,054,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
DRV - [2005/09/06 10:07:18 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
DRV - [2005/09/06 10:07:18 | 000,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
DRV - [2005/09/06 10:07:18 | 000,050,336 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
DRV - [2005/09/06 10:07:18 | 000,038,236 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
DRV - [2005/09/06 10:07:18 | 000,036,048 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
DRV - [2005/09/06 10:07:18 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
DRV - [2005/09/06 10:07:18 | 000,022,384 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
DRV - [2005/09/06 10:07:18 | 000,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
DRV - [2005/09/06 10:07:18 | 000,019,984 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
DRV - [2005/09/06 10:07:18 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
DRV - [2005/09/06 10:07:18 | 000,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
DRV - [2005/09/06 10:07:18 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
DRV - [2005/09/06 10:07:18 | 000,012,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
DRV - [2005/09/06 10:07:18 | 000,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
DRV - [2005/09/06 10:07:18 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
DRV - [2005/09/06 10:07:18 | 000,008,608 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
DRV - [2005/09/06 10:07:18 | 000,006,784 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
DRV - [2004/06/03 18:47:26 | 000,164,224 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\abvpn2k.sys -- (ABVPN2K)
DRV - [2004/05/06 17:12:10 | 000,114,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ie"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:1.0
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2010/11/23 14:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 18:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 08:09:40 | 000,000,000 | ---D | M]
[2008/11/18 10:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Extensions
[2010/02/04 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse\extensions
[2008/06/23 15:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse1\extensions
[2011/06/29 16:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions
[2010/12/09 16:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/24 08:54:52 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\searchplugins\web-search.xml
[2010/09/15 15:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2010/11/23 14:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\IBM\JAVA60\JRE\LIB\DEPLOY\JQS\FF
[2011/05/10 18:06:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/10 18:06:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 18:06:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/10 18:06:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 18:06:13 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 18:06:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/07/25 13:31:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2 - BHO: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {00B8E20C-5C71-4C2F-85A5-6AD541500DF0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7F312B9A-208B-49FA-8218-B9AA22EC1463} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A1B2F3FA-DD1D-470B-A23E-A133B2F8EF60} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe (IBM)
O4 - HKLM..\Run: [Isamtray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.25/pmonmh.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [assistant2] C:\Program Files\VoiceRite\Client\Viewer.exe (VoiceRite, Inc)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [IBM Lotus Sametime Connect] C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\rcplauncher.exe ()
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: noDriveTypeAutorun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ibm.com ([w3] * in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://de201.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.ie/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://photos.fujipix.ie/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} https://comp.emea.workscape.com/oneforce/compplanner/master.cab (One Force Compplanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265405737920 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bluepages/scripts/lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenceservers.com/components/WDPLUGIN.CAB (Unyte Conferencing Plugin)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 () - file:///C:/Documents%20and%20Settings/ray/Desktop/camera/DSC00040.JPG
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 18:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {18849117-D89F-9FA0-EF73-650707C88CC9} - DirectX
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C451185A-C274-2649-D438-7C2FE9D4EB74} - Outlook Express
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E4D6A0F2-163D-BCE0-8B06-2B3943C99376} - DirectAnimation
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe - (Lotus Development Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: assistant2 - hkey= - key= - C:\Program Files\VoiceRite\Client\Viewer.exe (VoiceRite, Inc)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: Boots Insert Detect - hkey= - key= - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
MsConfig - StartUpReg: C4EBReg - hkey= - key= - C:\Program Files\c4ebreg\c4ebreg.exe (IBM Corp.)
MsConfig - StartUpReg: defergui - hkey= - key= - File not found
MsConfig - StartUpReg: ISSI EZUpdate Service - hkey= - key= - c:\sdwork\issimsvc.exe (IBM Corp.)
MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
MsConfig - StartUpReg: MyHelpService - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: pmonmh - hkey= - key= - File not found
MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Sametime Connect 7.5 - hkey= - key= - C:\Program Files\IBM\Sametime Connect\sametime.exe ()
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TPKMAPHELPER - hkey= - key= - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2011/07/25 13:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\smkits
[2011/07/25 13:30:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/25 09:46:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
[2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Local Settings\Application Data\NPE
[2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/07/25 08:08:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/25 06:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\Malwarebytes
[2011/07/25 06:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/25 06:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/25 06:04:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/07/13 12:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Desktop\QC Defects
[2011/07/07 16:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/26 09:42:21 | 000,000,000 | -HSD | C] -- C:\found.004
[2008/04/23 12:19:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ray\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2020/02/17 20:53:24 | 000,098,304 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
[2014/05/15 04:06:28 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2014/05/15 04:06:28 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
[2014/05/15 04:06:28 | 000,025,936 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
[2014/05/15 04:06:28 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/07/25 13:37:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/07/25 13:37:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 13:33:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 13:31:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/25 13:30:14 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
[2011/07/25 09:29:59 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2011/07/25 08:09:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/25 06:04:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/24 23:53:51 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 23:53:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/24 21:38:16 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
[2011/07/24 16:24:57 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/07/23 22:09:48 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\ray\default.pls
[2011/07/23 21:36:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
[2011/07/14 09:02:11 | 000,350,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 08:09:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 13:33:13 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/07 16:49:32 | 000,101,148 | ---- | M] () -- C:\Documents and Settings\ray\screenshot.JPG
[2011/07/06 16:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
[2011/07/05 15:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/03 23:01:49 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011/07/25 08:09:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/25 08:09:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/25 06:04:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/12 13:33:13 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/07 16:49:31 | 000,101,148 | ---- | C] () -- C:\Documents and Settings\ray\screenshot.JPG
[2011/03/01 18:30:05 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2010/12/14 12:44:15 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/12/02 17:33:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2010/04/30 14:51:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\chrtmp
[2010/03/25 12:40:03 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2010/01/03 13:07:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/03 13:07:57 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/01/03 13:07:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\$_hpcst$.hpc
[2009/12/30 18:21:26 | 000,076,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 12:04:32 | 000,144,236 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/03/26 11:03:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2009/03/26 11:03:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/18 10:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/09 15:25:55 | 000,082,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2008/04/25 08:10:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
[2008/04/24 09:03:59 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/23 12:19:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\inst.exe
[2008/04/23 12:19:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.cat
[2008/04/23 12:19:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.inf
[2008/04/17 11:18:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/04/17 11:18:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2008/04/15 15:02:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/15 13:54:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/09 12:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/17 19:47:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/10/12 00:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/05/16 19:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/05/04 15:31:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/26 09:47:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/25 22:17:44 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/23 19:33:17 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/23 11:56:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007/03/21 01:24:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\brioqry6.ini
[2007/03/21 01:24:44 | 000,043,494 | ---- | C] () -- C:\WINDOWS\bqmeta0.ini
[2007/03/21 01:24:44 | 000,028,139 | ---- | C] () -- C:\WINDOWS\bqformat.ini
[2007/03/21 01:21:34 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.d0 -
Open MBAM; there should be a quarantine/log tab where you can get the log. Don't worry if it's not there.
Open OTL and paste this in the custom scan/fix box:
:Files
C:\WINDOWS\tasks\At*.job
C:\Documents and Settings\ray\Application Data\chrtmp
Click Run Fix.
Re-open OTL, click the None button at the top, and paste this in the custom scan/fix box:
C:\Documents and Settings\All Users\Start Menu\*.*
C:\Documents and Settings\All Users\Start Menu\Programs\*.
Click Run Scan and post the log it gives.
0 -
Thanks again ....
OTL logfile created on: 25/07/2011 14:12:16 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ray\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.82% Memory free
3.33 Gb Paging File | 2.45 Gb Available in Paging File | 73.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.77 Gb Free Space | 44.32% Space Free | Partition Type: NTFS
Computer Name: L3T7456 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< C:\Documents and Settings\All Users\Start Menu\*.* >
[2010/04/22 15:07:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2006/08/08 00:16:45 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\IBM Ayudame.lnk
[2005/04/04 18:49:01 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Internet Explorer.lnk
[2005/04/05 21:29:58 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus 1-2-3.lnk
[2005/04/05 21:30:13 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Approach.lnk
[2005/04/05 21:30:21 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Freelance Graphics.lnk
[2005/12/15 02:29:49 | 000,001,468 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Notes 7.lnk
[2005/04/05 21:30:35 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Organizer.lnk
[2005/04/05 21:30:52 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Word Pro.lnk
[2007/03/21 01:12:19 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\My Bluetooth Places.lnk
[2007/06/21 12:50:59 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
[2007/06/21 12:50:59 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
[2005/04/05 20:49:41 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Sametime Connect.lnk
[2007/03/21 01:23:11 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\SAPLOGON Customizer.lnk
[2010/04/22 15:07:07 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2007/07/20 08:09:07 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\WinAce Archiver.lnk
[2008/05/22 11:55:54 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\WinZip.lnk
< C:\Documents and Settings\All Users\Start Menu\Programs\*. >
[2007/03/21 01:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM
[2010/04/22 15:06:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2005/04/04 19:07:15 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2005/04/05 21:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AFP Workbench for Windows
[2010/04/14 11:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T Network Client
[2008/08/01 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2008/05/08 13:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2010/08/27 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoGK
[2008/10/22 08:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5
[2008/07/23 21:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Download Manager
[2007/10/17 19:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Boots F2CD Picture Suite
[2007/03/21 01:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brio
[2007/03/21 01:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Business Explorer
[2010/09/14 09:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4300
[2008/10/08 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4600 series
[2008/10/08 11:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4600 series Manual
[2008/10/08 11:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4600 series User Registration
[2007/04/23 11:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP4000
[2008/10/08 11:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2008/10/08 11:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CD-LabelPrint
[2009/04/06 13:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2010/12/14 12:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2009/10/01 20:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Photo Navigator
[2008/09/17 22:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2007/04/26 09:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/02/01 16:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\eManager
[2008/11/10 17:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinePixViewer S
[2005/04/04 18:41:30 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2009/05/08 14:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM DB2
[2007/03/20 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM GSA
[2010/02/04 16:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Lotus Sametime Connect
[2006/07/18 04:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Personal Communications
[2011/01/24 09:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2008/08/28 10:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Infoprint Select
[2008/11/26 16:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ISC Innovation
[2011/03/27 17:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/10/13 16:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications
[2005/04/05 21:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus SmartSuite
[2011/07/25 06:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2008/08/06 20:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/07/07 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/06 16:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Minitab
[2008/08/01 09:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2007/04/26 09:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Premium
[2007/06/21 12:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Office Viewers
[2009/10/01 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
[2008/04/29 17:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PL-2303 USB-Serial Driver
[2011/03/27 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2008/05/16 17:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2008/10/22 08:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2009/12/30 18:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Regensoft
[2008/04/15 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio
[2010/01/03 13:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung New PC Studio
[2007/03/21 01:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAP Front End
[2011/04/11 15:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Ericsson
[2011/03/01 21:25:00 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2008/08/01 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter
[2007/03/20 18:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
[2008/02/18 19:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
[2005/04/05 21:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tivoli Storage Manager
[2005/04/05 20:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2009/12/21 16:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VoiceRite
[2008/04/25 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
[2008/08/06 20:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinAce
[2008/01/09 21:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2008/05/22 11:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/07/25 13:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Workstation Security Tool
[2010/08/27 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\XviD
[2011/06/17 11:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zevera Downloader
< >
< End of report >
-
update mbam, run a quick scan, post that log here
and tell me how it's running
-
mbam quickscan .... laptop seems to be running great, no issues with anything since your help ...
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 7269
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
25/07/2011 14:26:58
mbam-log-2011-07-25 (14-26-58).txt
Scan type: Quick scan
Objects scanned: 173470
Time elapsed: 9 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
good stuff
open OTL click the Cleanup button, and then you are all done
-
Hi .... I'm having serious problems with this virus too.
I've tried avg, avast, rkill, etc but with no luck.
I can't install OTL or Malwarebytes - a program called QMT.EXE loads itself and kills the installation. If I delete qmt.exe, it seems to mess up the operating system and I can't even run windows explorer.
Any help at all would be appreciated .... many thanks in advance !!!
-
try run OTL in safe mode, should work there
if that fails, rename OTL to "explorer.exe" and it should run in safe mode, then post the log from a Quick Scan from it
-
Thanks ASJ112 .... much appreciated ......here are the logs ....
OTL Extras logfile created on: 11/08/11 12:26:16 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Don\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yy
1021.98 Mb Total Physical Memory | 429.11 Mb Available Physical Memory | 41.99% Memory free
1.28 Gb Paging File | 0.83 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.69 Gb Total Space | 0.61 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office10\WINWORD.EXE:*:Enabled:Microsoft Word
"C:\Program Files\CommonSearch\VCatch.axe" = C:\Program FilecTComm/nSearch\VCatch.exe:*:EnableD:VCatch
"C:\Program Files\Abacast\Abaclieft.exe" = C:XProgram Files\Abacast\Abaclient.exe:*:Disabled:Abaclient -- (ABacaqt, Hnc.)
"C:\Program Files\Real\RealPlayer\trueplay.exe" = C:\Program Files\Real\RealPlayer\trueplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\YAhoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messengeb -- (YaHoo! Inc.)
"C:\Procram Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!LMessenger\YServdr.exe:*:Enabled:Y!hno! FT erver
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WåbUpdater\TBUUpdater.exe:*Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"" =
":\Program Files\Rierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Prgram Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.axe:*:Enabled:CwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\WINDOWS\Temp\~os8D.tmp\pmropn.exe" = C:\WINDOWS\Temp\~os8D.tmp\pmropn.exe:*:Enabled:pmropn.exe
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\DOCUME~1\Don\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe" = C:\DOCUME~1\Don\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE" = C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Documents and Settings\Don\Local Settings\Temp\Temporary Internet Files\Content.IE5\1N2Q778M\SweetImSetup[1].exe" = C:\Documents and Settings\Don\Local Settings\Temp\Temporary Internet Files\Content.IE5\1N2Q778M\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
"C:\Documents and Settings\Don\Local Settings\Temp\SweetIMReinstall\SweetImSetup[1].exe" = C:\Documents and Settings\Don\Local Settings\Temp\SweetIMReinstall\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0797886C-4656-4A8B-AD29-7C22F4629C45}" = SetupSBD
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12230A4C-6902-4001-B606-48C6FC98B42A}" = Thomas New Line
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{178B87CB-78D5-4FC6-8866-591808F19849}" = Microsoft Office Specialist Study Guide--Office 2003 Edition
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{24205C5B-A5EE-477F-938A-8E52F734B7FD}" = Web Studio 4.0
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40C2D00A-9235-4EA2-8AB9-2CAB7A842B49}" = Skill Builder DX
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5E31D9A2-0C83-46AE-858D-A390F7C5EB77}" = SetupSBD
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports 11
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88742616-A6E9-4C7E-9665-B625799541FB}" = Wireless-G PCI Adapter
"{89A432D7-FC6F-4D17-AE76-D6063FB2BD99}" = Sierra Wireless 3G Watcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D90B43B-08C2-40E4-9099-EFE1842E4A05}" = TAS Books 2 v5
"{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
"{8E36B40E-34F4-41CE-991B-DAC7D9510D39}" = SetupSBD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96A52A11-4D38-43DA-A5A6-2BFF6C8D4897}" = Access Accounts 4.00f
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aea0-625cb7c207e3}" = Microsoft Visual C*+ 2005 Redistribu4able - KB2467175
"kA1F66FC9-11EE-42F-98C9-16F8D1E69FB7}" = Segoe U
"{A3051CD0-2D6-381#-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a5ab6888-ff41-4ab8-b772-5bfdcf597af3}.sdb" = thomas
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{ADD31791-D676-4A7B-8FA8-A6EE7F1B4E5A}" = JourneySoftwarePromo
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7757137-0A71-4A9F-8A82-1AE4A1B73420}" = Nokia Connectivity Cable Driver
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C0774966-2821-11D3-B32D-00A0C9DA500E}" = Seagate Crystal Reports Professional Edition
"{C09FB3CD-1D0C-3F2D-899A-6A1D67F2073F}" = Micposoft .NET FramewoRk 2.0 Service ack "
"{C5EF1CA5-5153-44C0-B920-6744F5C2897}" = SetupSBDDotLetCon4rols
"{C8FD5BC1-92EF-4C15-92A9-F9C7B61985F}" = HP Update
"{CB2F7EDD-9D1F-3C1-90FC-4F52EAE172A1}" = Microsoft .NET Framdwork 1.1
"{CB449D5A-7710-44a!-B9F5-352B877B90E6}" = 600_Help
"{CC000127-5E5D-4A1-90CB-EEAAAC1E3AC0}" J!rc Pain4 Shop Phkto Album
{CC0BA5A8
E3EC
11D5-9194-00105A68CFFF}" = Learning Ladder Preschool
"{CC0BA5A-E3EC-11D5-9194-00105A68BFFF}" = Learning Ladder 1%2
"{CDFCF124-11F-4972-8 F4-08C89187A1$6}" = WebReg
"{CE0C8CC5-E396-442B%A50E-D1D#74A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DF5C5BD9}" = Microsoft .NAT Framework 3.5 SP
"[d08`9&98-1c78-4704-87e6-368b0023d831}" = elevanTKnowledge
"{D6F879BC-58D6-4D4B-AE9B-D761E48D25ED}" = Rkype™ 5.3
"{E38C00D0-A68B-4318-@8A6-F7D4B5B1DF0E=" = WiNdOw3 Media Encode2 9 Series
"{E3B3AB03-8ABC-4CF-8CA9-DB5581E1F36}" = FinePix Studio
"{E496E82A-526D-47D3-9366-9AF135A8F}" = Sage InStant Account3
"{E6158D07,2637-4ECF-B576-37C481669174}" = Windows Live Call
"{E91E8912-769D-42F0-8408-0E32943BABC} = Sitecom Wipelesr Network UCB Adapter Tupbo G WL-172
"{EE39FFBD-544E-49E4-A999-6819828AE91}" = Windo6s LIVe PhoTo Gallery
";F0B430D1-B6AA-473D-9B6
AA3DD01FD0B8}" = M)croso&t SQL Server 00 Compact Edition [ENU]
"[EMAIL="{F0E12@B-AD46-4022-A453-A1C8A0C4D570"]{F0E12@B-AD46-4022-A453-A1C8A0C4D570[/EMAIL]}" = MicroSoft Choice Guard
"{F4C6C$0-1142-49be-A28C-7BBD36F0B41A|" = 160Trb
"[EMAIL="{FB22D020-3005-4715-8DF9-F3EDE81DE@3D"]{FB22D020-3005-4715-8DF9-F3EDE81DE@3D[/EMAIL]}" = CreativeProjectsTemplates
"{FF059F2A-62A7
4E6A-B305-559591D2769E}" = Nokia PC Suite
"101 almatiafs [EMAIL="St/ry@ook"]St/ry@ook[/EMAIL]" = 101 Dalmatians StopyBook
"Abacast Client" = Abacast lient
Adobe AIR" = Ad+be AIR
"Adobe Fla3h Player ActivdX" = ADobe Flash PlAyer 10 AbtiveX
"Adobe Shockwave Player" = Adobe Rhockwave Plaier
"av!st" = avas4! Free Antiv)r5s
"B,ackBerry][03333239-0A15-4845-BEEB-0232DAA5B7EA}" 9 BlackBdrry Desktop Software 5*0.1
"Browser Defender_hs1" = Brovse2 Defender 2.0.6.15
"Coff%aCu0 HTML Edipor 205" = CoffeeCup HTML Editor 0005
"Coupmn Printer2.0" = Coupon Printer
CrossLoop_is1" = Cro3sLoop 2.60
"Dasktop Uninstall" < D%sktop Uninstall
"DisneysMagicArt)stDeinstKey" = Disney's Magic Artist
"DMP-2300" = DMP-200
"FrostWire" = FrostVire 4.21.6
"GaRden PlaNjer_iq1" = Garden Plajnar .5
"greenqtreet Pictqre Browsep" 5 greenstreet Picture Brkwser
"HP hoto & Imaging" = HP Image one 4.7
"HPExtenDedCapabilities" = HP Eptended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E496E82A-526D-47D3-9366-9FAF0A135A8F}" = Sage Instant Accounts V12.00
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Live TV Toolbar" = Live TV Toolbar
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Lotus NotesSQL 2.06 driver" = Lotus NotesSQL 2.06 driver
"Magic3DeinstKey" = Magic 3D Colouring Book
"Mcafee SecurityCenter" = McAfee SecurityCenter
"MeasureUp DSA Engine" = MeasureUp DSA Engine
"Messenger Plus! Live" = Messenger Plus! Live
"Micropay for Windows" = Micropay for Windows
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"mIRC" = mIRC
"mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Quickpay" = Quickpay
"RealPlayer 6.0" = RealPlayer
"ROS Offline Application" = ROS Offline Application
"Serif PhotoPlus 6.0" = Serif PhotoPlus 6.0
"Serif WebPlus 6.0" = Serif WebPlus 6.0
"SiteSpinner V2" = SiteSpinner V2
"SopCast" = SopCast 2.0.2
"Sound'Em 1.0" = Sound'Em 1.0
"Spyware Doctor" = Spyware Doctor 7.0
"ST4UNST #1" = Thesaurus 2006 Payroll
"ST5UNST #1" = SMWLink3.0
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Superb Display Pictures for Messenger" = Superb Display Pictures for Messenger
"TV Player" = Veetle TV Player 0.9.11
"Veetle TV Player" = Veetle TV Player 0.9.11
"Video Encoder_is1" = Video Encoder 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08/08/11 12:00:55 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\Temp\_avast_\unp190387240.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 08/08/11 12:00:59 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\TEMP\_avast_\UNP190~1.TMP
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 08/08/11 12:01:28 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\TEMP\_avast_\UNP600~1.TMP
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 08/08/11 12:01:28 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\Temp\_avast_\unp6009169.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 08/08/11 12:01:30 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\TEMP\_avast_\UNP600~1.TMP
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 08/08/11 17:20:46 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: W32.Harakit in File: C:\DOCUME~1\ALLUSE~1\DOCUME~1\qiioud.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.
Error - 08/08/11 17:20:47 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Harakit in File: C:\Documents and Settings\All
Users\Documents\qiioud.exe by: Auto-Protect scan. Action: Clean failed : Quarantine
failed : Delete succeeded : Access denied. Action Description: The file was deleted
successfully.
Error - 08/08/11 17:21:33 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: W32.Harakit in File: C:\DOCUME~1\ALLUSE~1\DOCUME~1\qiioud.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.
Error - 08/08/11 17:53:57 | Computer Name = DELL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 08/08/11 17:53:58 | Computer Name = DELL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
[ System Events ]
Error - 10/08/11 04:37:11 | Computer Name = DELL | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 10/08/11 16:46:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
following error: %%2
Error - 10/08/11 16:46:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2
Error - 10/08/11 16:46:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
Error - 10/08/11 16:51:50 | Computer Name = DELL | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 10/08/11 17:12:20 | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 213.191.245.71 for the Network Card with network
address 00A0D5FFFFAB has been denied by the DHCP server 89.204.167.253 (The DHCP
Server sent a DHCPNACK message).
Error - 11/08/11 07:17:54 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
following error: %%2
Error - 11/08/11 07:17:54 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2
Error - 11/08/11 07:17:54 | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
Error - 11/08/11 07:22:57 | Computer Name = DELL | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
< End of report >
OTL logfile created on: 11/08/11 12:26:16 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Don\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yy
1021.98 Mb Total Physical Memory | 429.11 Mb Available Physical Memory | 41.99% Memory free
1.28 Gb Paging File | 0.83 Gb Available in Paging File | 64,0% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.69 Gb Total Space | 0.61 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/10 23:14:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
PRC - [2011/08/07 14:35:59 | 000,340,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/0/12 18:41:18 | 000,762,76 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/08/30 11:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/01/15 17:08:08 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
PRC - [2009/01/05 16:57:2$ | 000,558,360 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/08/07 10:20:28 | 000,391,144 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwHelper_1020023.exe
PRC - [2007/06/12 11:23:07 | 001,33,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2007/01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2006/05/17 14:59:02 | 000,913,408 | ---- | M] (Sitecom Europe BV.) -- C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
PRC - [2005/12/13 09:49:08 | 000,217,088 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2005/11/30 17:56:02 | 001,306,624 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2005/11/07 11:09:18 | 000,1"0,320 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005/10/28 14:50:50 | 000,471,040 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2005/04/17 13:30:42 | 000,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/04/17 13:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 13:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 16:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 16:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2003/08/19 01:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
========== Modules (SafeList) ==========
MOD - [2011/08/10 23:14:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [On_Demand | Stopped] -- -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/08 23:41:42 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/17 13:30:42 | 000,124,608 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 13:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 13:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 16:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 16:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 16:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 12:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
========== Driver Services (SafeList) ==========
DRV - [2011/07/27 01:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110727.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/27 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110727.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/12 18:41:18 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/01/22 21:34:55 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmsflt.sys -- (swmsflt)
DRV - [2008/12/02 10:10:04 | 000,173,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
DRV - [2008/11/17 14:33:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
DRV - [2006/01/12 20:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/06/28 12:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2005/04/05 12:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 12:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 21:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 21:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 21:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/04 05:21:00 | 000,119,798 | R--- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPCA561.SYS -- (CA561) ICatch (VI)
DRV - [2003/07/17 17:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.6: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.9.11: C:\Program Files\Veetle\VLC\npvlc.dll (VideoLAN Team)
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49"4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-D1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE64B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5..6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Live_TV toolbar) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - File not found
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-&1A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDA} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5A2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Live_TV toolbar) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-90%236F6F654} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Live_TV toolbar) - {B69A9DB4-D0A1-4722-B56B-F20757A29CDF} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirCardEnabler] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\BTHPROPS.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [links] File not found
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RelevantKnowledge] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKCU..\Run: [1742961756] C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwHelper_1020023.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE (Sitecom Europe BV.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02A09B2E-2A03-4572-9291-69900C068564} http://www.learfitcnrp.com/cabs/lcsim.cab (LCSim Control)
O16 - DPF: {166B1BCA-3B9C-11CF-8075-444553540000} http://download.macromedia.com/pub/Shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Yahoo! Audio UI1)
O16 - DPF: {8AD9C840-044D-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {AE8DCB17-F8 4-11D2-A44A-002018C1446} file://D:\supercd\IntraLaunch.CAB (IntraLaunch.MainControl)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://support.galileo.ie/apps/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://www.measureup.com/test/controls/MDASADownload.CAB (MDASADownload.Complete)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {E7DBFB6C-113A-7CF-B278-F5CAF4DE1BD} http://download.abacast.com/download/files/abasetup161.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:1 (Desktop Uninstall) - C:\WINDOWS\warnhp.html
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23864028-2250-11e0-b449-000000000000}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe" -a "%1" %* (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011/08/10 23:13:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2011/08/09 09:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\NPE
[2011/08/09 09:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/08/08 23:48:19 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Don\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/08 23:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\Threat Expert
[2011/08/08 22:53:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/08/08 22:53:25 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/08/08 22:53:25 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/08/08 22:43:31 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/08/08 22:43:08 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/08/08 22:43:08 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/08/08 22:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
[2011/08/08 22:42:48 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/08/08 22:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/08 22:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/08/08 22:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\PC Tools
[2011/08/08 22:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/08/08 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/08 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Remove XP Antivirus 2012, removal instructions_files
[2011/08/08 22:20:47 | 005,659,168 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Don\Desktop\Sep_SupportTool.exe
[2011/08/08 14:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/08 14:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/08 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/08 09:41:38 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/08 09:41:37 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/08 09:41:33 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/08 09:41:33 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/08 09:41:32 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/08 09:40:56 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/08 09:40:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/08 09:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/08 09:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/07 14:35:59 | 000,340,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe
[2011/08/04 15:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Tour Guide Stuff
[2011/07/27 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2009/04/06 21:53:38 | 000,047,30 | ---- | C] (VSO Software) -- C:\Documents and Settings\Don\Application Data\pcouffin.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/11 12:36:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D5LJNB1J-Don).job
[2011/08/11 12:33:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D5LJNB1J-Owner).job
[2011/08/11 12:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (DELL-Don).job
[2011/08/11 12:32:22 | 000,012,116 | -HS- | M] () -- C:\Documents and Settings\Don\Local Settings\Application Data\s63rp53856e8pg80w06phk5gb166kai5f7
[2011/08/11 12:32:22 | 000,012,116 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s63rp53856e8pg80w06phk5gb166kai5f7
[2011/08/11 12:16:48 | 000,00,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc52aef6476344.job
[2011/08/11 12:16:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/11 12:16:09 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 23:36:02 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\XP 2012 Virus-Trojan - boards.ie.url
[2011/08/10 23:16:39 | 000,000,303 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\O2 email.url
[2011/08/10 23:14:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2011/08/10 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/08/10 22:58:00 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Don\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/09 10:09:35 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\SMResults200.dat
[2011/08/09 09:42:35 | 000,000,220 | RHS- | M] () -- C:\BOOT.INI
[2011/08/09 09:39:54 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Free Virus Removal Norton Power Eraser.url
[2011/08/09 09:37:05 | 000,000,391 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\How do I get rid of XP Security 2011 - Norton Community.url
[2011/08/08 22:59:37 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Thank you for downloading Spyware Doctor.url
[2011/08/08 22:43:0 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/08/08 22:33:53 | 000,041,915 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Remove XP Antivirus 2012, removal instructions.htm
[2011/08/08 22:20:53 | 005,659,168 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Don\Desktop\Sep_SupportTool.exe
[2011/08/08 22:19:10 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khy
[2011/08/08 16:16:04 | 000,002,202 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/08 14:46:31 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\rfbu
[2011/08/08 09:41:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/08 09:41:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/07 14:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Symantec AntiVirus.url
[2011/08/03 20:03:10 | 000,006,656 | ---- | M0 -