Hi,
Thanks for getting back to me. I understand you guys must be busy, so I understand it takes a while. Since I posted I found the following howto on here to remove the rogue Internet Security 2010:
http://www.bleepingcomputer.com/virus-remo...t-security-2010
I've also run a number of scans with MBAM, SAS, ComboFix, IOBit Security and Norton AV, which have all found and fixed various trojans, rootkits, etc. The latest scans all seem to come back clean, but I'm still not 100% convinced the machine is clean, so I would appreciate some help checking. The main reason I'm still suspecting problems is that I'm seeing a lot of Google AdWords on sites for malware tools, so still a bit suspect... maybe I'm just being paranoid though ;)
I've followed your instructions for OTL and the logs are below.
Thanks again.
OTL logfile created on: 15/01/2010 01:33:11 - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
511.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.20 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive D: | 35.47 Gb Total Space | 2.04 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: xxxxxxxx
Current User Name: xxxxxxxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/15 01:32:28 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2010/01/07 23:20:18 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/06 22:19:52 | 00,107,792 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe
PRC - [2009/09/23 22:37:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/23 22:37:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/27 15:05:04 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/24 15:05:26 | 00,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/03/11 17:57:22 | 00,358,312 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/07/31 16:16:18 | 00,013,312 | ---- | M] (Tenable Network Security) -- C:\Program Files\Tenable\Nessus\nessusd.exe
PRC - [2008/04/25 19:31:40 | 00,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2008/04/24 17:51:14 | 06,311,936 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\i-sure Data Backup\AgentService.exe
PRC - [2008/04/24 17:51:14 | 00,239,104 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\i-sure Data Backup\Agent.exe
PRC - [2008/03/17 14:56:30 | 00,561,152 | ---- | M] (Ubiquiti Networks, Inc.) -- C:\Program Files\Ubiquiti\ucu.exe
PRC - [2007/10/03 09:35:44 | 00,454,741 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/04 01:01:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0470Mon.exe
PRC - [2007/04/14 14:50:30 | 01,556,480 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PRC - [2007/03/14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/01/09 01:25:30 | 00,272,024 | R--- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/03/23 00:13:46 | 01,591,808 | ---- | M] (YourWare Solutions ) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/07/06 18:52:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/08/03 23:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/12/22 06:51:00 | 00,430,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2000/12/22 06:51:00 | 00,053,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2000/12/22 06:51:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 16:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MSGSYS.EXE
========== Modules (SafeList) ==========
MOD - [2010/01/15 01:32:28 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2005/07/06 18:52:00 | 01,466,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2005/07/06 18:52:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2004/08/03 23:57:02 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/06 22:19:52 | 00,107,792 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe -- (AirControl)
SRV - [2009/09/23 22:37:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/27 15:05:04 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/04/21 06:11:10 | 00,851,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/03/11 17:57:22 | 00,358,312 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2008/10/30 08:52:37 | 00,168,432 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/09 18:46:25 | 00,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/07/31 16:16:18 | 00,013,312 | ---- | M] (Tenable Network Security) [Auto | Running] -- C:\Program Files\Tenable\Nessus\nessusd.exe -- (Tenable Nessus)
SRV - [2008/04/24 17:51:14 | 06,311,936 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files\i-sure Data Backup\AgentService.exe -- (AgentService)
SRV - [2007/12/05 08:58:32 | 00,061,440 | ---- | M] (SolarWinds) [On_Demand | Stopped] -- C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2007/11/06 20:22:26 | 00,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/03 09:35:44 | 00,454,741 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2007/01/09 01:25:30 | 00,272,024 | R--- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/11/10 21:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/06 18:52:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000/12/22 06:51:00 | 00,430,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2000/12/22 06:51:00 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/01/13 09:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100113.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/13 09:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100113.009\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/14 18:16:40 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2009/07/24 15:05:26 | 01,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/02 01:58:00 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/06/02 01:58:00 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2009/01/19 00:19:05 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/09 17:51:23 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/21 05:38:10 | 00,020,480 | R--- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2008/04/24 17:51:14 | 00,045,384 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2008/03/17 14:46:46 | 01,337,472 | ---- | M] (Ubiquiti Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netsrx.sys -- (SRX)
DRV - [2008/02/19 21:39:54 | 00,058,016 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/10 13:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 13:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 13:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 13:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 13:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 13:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 13:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/11/06 20:22:06 | 00,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/10/03 16:20:14 | 00,008,192 | ---- | M] (AirMagnet, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AmDriver.sys -- (AmDriver)
DRV - [2007/05/09 01:00:00 | 00,146,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0470Vid.sys -- (VF0470Vid) Live! Cam Notebook (VF0470)
DRV - [2006/11/02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2006/05/10 14:00:16 | 00,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/12/11 10:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/11/10 21:49:24 | 01,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/03 03:39:00 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005/07/06 18:52:00 | 03,208,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/11/15 15:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/03/24 02:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/10/23 16:04:00 | 00,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gticard.sys -- (GTICARD)
DRV - [2003/08/29 14:56:12 | 00,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/12/24 20:18:56 | 00,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
DRV - [2002/12/10 15:13:22 | 00,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/03/25 19:02:14 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2000/12/22 06:51:00 | 00,171,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2000/12/22 06:51:00 | 00,007,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 23:20:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 23:20:23 | 00,000,000 | ---D | M]
[2009/08/13 13:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2009/08/13 13:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/01/14 11:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions
[2008/11/05 19:52:18 | 00,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/01/14 16:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/13 18:34:21 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/09/13 18:34:21 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/09/13 18:34:21 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/09/13 18:34:21 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\i-sure Data Backup\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [AirControlMonitor] C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe (Apache Software Foundation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCU] C:\Program Files\Ubiquiti\UCU.exe (Ubiquiti Networks, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions )
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl..._3_1_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.78.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: d:\My Documents\Business\CBR Networks\Graphics\CBR Logo - V3_1 - 300 by 145 - Black Background - Bitmap for Win Desktop - smaller.bmp
O24 - Desktop BackupWallPaper: d:\My Documents\Business\CBR Networks\Graphics\CBR Logo - V3_1 - 300 by 145 - Black Background - Bitmap for Win Desktop - smaller.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/09 16:10:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/12 11:40:14 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/12 11:40:14 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/01/15 01:32:28 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/01/15 01:29:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/14 16:16:57 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/14 16:14:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/14 16:14:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/14 16:14:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/14 16:14:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/14 16:13:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/14 16:12:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/14 11:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/14 11:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
[2010/01/14 11:13:24 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/14 11:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/14 10:26:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/14 10:26:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/09 21:06:38 | 00,000,000 | ---D | C] -- C:\_Films
[2010/01/07 23:59:03 | 00,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/01/07 23:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/01/07 23:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/01/07 23:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\AutoGK
[2010/01/07 23:33:04 | 00,000,000 | ---D | C] -- C:\WAR
[2010/01/07 23:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/01/07 20:44:03 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/01/07 19:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/07 19:36:39 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Paul\Desktop\RootRepeal.exe
[2010/01/06 20:48:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\.COMMgr
[2010/01/05 22:07:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\dvdcss
[2009/12/29 18:40:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/12/29 18:40:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/12/29 18:37:27 | 00,000,000 | ---D | C] -- C:\Program Files\Radica
[2009/12/29 18:22:52 | 00,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2009/12/28 23:39:41 | 00,000,000 | ---D | C] -- d:\My Documents\googleearth
[2009/12/28 23:28:06 | 00,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2009/12/28 23:02:48 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2009/12/28 23:02:32 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/12/28 23:02:17 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/12/28 23:02:17 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/12/28 23:02:02 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/12/28 23:01:19 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/12/28 23:00:32 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/12/28 23:00:09 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqutil.dll
[2009/12/28 23:00:09 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqoa.dll
[2009/12/28 23:00:09 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsec.dll
[2009/12/28 23:00:09 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqupgrd.dll
[2009/12/28 23:00:09 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqdscli.dll
[2009/12/28 23:00:09 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqise.dll
[2009/12/28 23:00:09 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsvc.exe
[2009/12/28 23:00:08 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtrig.dll
[2009/12/28 23:00:08 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqad.dll
[2009/12/28 23:00:08 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtgsvc.exe
[2009/12/28 23:00:08 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqac.sys
[2009/12/28 23:00:08 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqbkup.exe
[2009/12/28 23:00:07 | 00,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqqm.dll
[2009/12/28 23:00:07 | 00,517,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsnap.dll
[2009/12/28 23:00:07 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrt.dll
[2009/12/28 23:00:07 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmqocm.dll
[2009/12/28 23:00:07 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrtdep.dll
[2009/12/28 22:59:31 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/12/28 22:59:31 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/12/28 22:59:31 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/12/28 22:59:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/28 22:59:30 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/28 22:59:30 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/12/28 22:59:30 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/12/28 22:59:30 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/12/28 22:59:29 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/12/28 22:59:28 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/28 22:59:28 | 00,251,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/28 22:59:27 | 00,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/12/28 22:59:27 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2009/12/28 22:59:26 | 00,659,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/28 22:59:26 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/12/28 22:59:25 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2009/12/28 22:59:25 | 01,023,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/12/28 22:59:24 | 01,506,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/12/28 22:59:24 | 00,532,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/12/28 22:59:22 | 03,062,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/28 22:58:34 | 00,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/12/28 22:58:17 | 01,846,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/12/28 22:58:03 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/12/28 22:57:48 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2009/12/28 22:57:47 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/12/28 22:57:33 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2009/12/28 22:57:13 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2009/12/28 22:57:12 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2009/12/28 22:57:11 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2009/12/28 22:57:11 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2009/12/28 22:57:11 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2009/12/28 22:57:10 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2009/12/28 22:56:36 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/12/28 22:56:33 | 00,728,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/12/28 22:56:30 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/28 22:56:28 | 02,186,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/28 22:56:27 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/28 22:56:25 | 02,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/28 22:56:07 | 00,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/28 22:55:39 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/12/28 22:55:24 | 00,333,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/28 22:54:41 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2009/12/28 22:54:28 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/12/28 22:54:15 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/28 22:54:00 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/12/28 22:53:45 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/28 22:53:31 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2009/12/28 22:53:17 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2009/12/28 22:52:49 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/28 22:52:36 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/28 22:52:35 | 00,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/12/28 22:52:16 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2009/12/28 22:52:16 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2009/12/28 22:52:15 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2009/12/28 22:52:15 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2009/12/28 22:52:01 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/28 22:51:20 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/28 22:51:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/12/28 22:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/28 22:07:08 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/12/24 19:54:47 | 01,961,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX3000.sys
[2009/12/24 19:54:47 | 00,762,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2009/12/24 19:54:47 | 00,676,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin30.dll
[2009/12/24 19:54:47 | 00,227,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.dll
[2009/12/24 19:54:47 | 00,175,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX3000.dll
[2009/12/24 19:54:47 | 00,101,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VX3000.dll
[2009/12/24 19:43:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/12/24 19:43:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/12/24 19:43:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/24 19:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/12/24 19:42:40 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/12/24 19:42:40 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/12/24 19:42:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/12/24 19:42:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/12/24 19:42:39 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/12/24 19:42:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/12/24 19:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/12/24 18:49:34 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/12/24 18:49:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/12/22 22:53:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\AVS4YOU
[2009/12/22 22:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/12/22 22:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/12/22 22:48:02 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/12/22 22:37:54 | 00,000,000 | ---D | C] -- C:\output media
[2009/12/22 22:36:28 | 00,000,000 | ---D | C] -- C:\Program Files\Free Convert All Movie Video Converter Gold
[2009/12/22 22:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\DVDx
[2009/12/22 21:28:34 | 00,000,000 | -H-D | C] -- d:\My Documents\ShadowEditFiles
[2009/12/22 21:27:55 | 00,000,000 | ---D | C] -- d:\My Documents\CyberLink
[2009/12/22 21:26:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\CyberLink
[2009/12/22 21:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/12/22 21:07:08 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/12/16 16:52:43 | 00,000,000 | ---D | C] -- C:\Netgear
[2009/07/08 10:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/01 15:41:11 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/10/22 21:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/09 16:14:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/09 16:14:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/09 16:14:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/01/15 01:32:28 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/01/14 16:42:55 | 00,077,449 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/14 16:42:24 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/14 16:41:42 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/01/14 16:41:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/14 16:40:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/14 16:34:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 16:34:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/14 16:33:22 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
[2010/01/14 16:33:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/01/14 16:17:05 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/14 16:14:08 | 03,824,871 | R--- | M] () -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2010/01/14 11:13:30 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 10:26:44 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 09:57:30 | 00,000,980 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to Logs.lnk
[2010/01/14 09:48:57 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\settings.dat
[2010/01/13 09:41:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/11 08:54:25 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 00:00:04 | 00,000,816 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2010/01/10 19:18:08 | 00,077,449 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/08 09:11:25 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\AutoGK.ini
[2010/01/07 23:29:33 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\DVD Decrypter.lnk
[2010/01/07 20:53:13 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/01/07 20:11:10 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\rkill.com
[2010/01/07 19:36:46 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Paul\Desktop\RootRepeal.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 21:32:11 | 02,656,656 | -H-- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2009/12/30 17:04:00 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\PUTTY.RND
[2009/12/29 19:51:31 | 00,058,525 | ---- | M] () -- C:\Documents and Settings\Paul\ss_pic_temp.jpg
[2009/12/29 19:47:21 | 00,216,281 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_2.jpg
[2009/12/29 19:45:17 | 00,202,370 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_hawaii_1.jpg
[2009/12/29 19:43:00 | 00,193,161 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_1.jpg
[2009/12/29 19:42:07 | 00,086,321 | ---- | M] () -- C:\Documents and Settings\Paul\ss_s1.jpg
[2009/12/29 19:25:41 | 00,100,946 | ---- | M] () -- C:\Documents and Settings\Paul\ss_pic.jpg
[2009/12/29 18:57:58 | 00,445,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/29 18:57:58 | 00,072,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/29 18:57:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/29 18:45:41 | 01,508,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/29 18:42:08 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/29 18:38:42 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Stylin' Studio.lnk
[2009/12/28 23:02:58 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/28 22:07:31 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/12/26 21:17:04 | 00,164,352 | ---- | M] () -- d:\My Documents\AandLreset.doc
[2009/12/25 09:18:03 | 00,049,624 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/12/24 20:03:24 | 00,921,624 | ---- | M] () -- C:\img2-001.raw
[2009/12/22 22:50:20 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\AVS4YOU Software Navigator.lnk
[2009/12/22 22:48:59 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\AVS Video Converter 6.lnk
[2009/12/22 22:36:46 | 00,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2009/12/22 22:15:04 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\DVDx.lnk
[2009/12/22 21:07:23 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberLink DVD Suite.lnk
[2009/12/18 00:38:51 | 00,019,968 | ---- | M] () -- d:\My Documents\0800533433 yell.doc
[2009/12/17 13:13:22 | 01,488,896 | ---- | M] () -- d:\My Documents\netgear setup.doc
[2009/12/16 20:41:28 | 03,973,120 | ---- | M] () -- d:\My Documents\DG834Gv4_V5.01.14.img
[2009/12/16 15:26:30 | 00,000,862 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/14 16:17:05 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/14 16:17:00 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/14 16:14:54 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/14 16:14:54 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/14 16:14:54 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/14 16:14:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/14 16:14:54 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/14 11:17:10 | 03,824,871 | R--- | C] () -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2010/01/14 11:13:30 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 10:26:44 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 09:57:30 | 00,000,980 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to Logs.lnk
[2010/01/08 09:11:25 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\AutoGK.ini
[2010/01/07 23:29:33 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\DVD Decrypter.lnk
[2010/01/07 20:10:52 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\rkill.com
[2010/01/07 19:37:34 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\settings.dat
[2009/12/29 20:12:03 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Stylin' Studio.lnk
[2009/12/29 19:50:32 | 00,058,525 | ---- | C] () -- C:\Documents and Settings\Paul\ss_pic_temp.jpg
[2009/12/29 19:47:21 | 00,216,281 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_2.jpg
[2009/12/29 19:45:17 | 00,202,370 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_hawaii_1.jpg
[2009/12/29 19:42:59 | 00,193,161 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_1.jpg
[2009/12/29 19:42:07 | 00,086,321 | ---- | C] () -- C:\Documents and Settings\Paul\ss_s1.jpg
[2009/12/29 18:53:39 | 00,100,946 | ---- | C] () -- C:\Documents and Settings\Paul\ss_pic.jpg
[2009/12/28 22:58:49 | 01,290,752 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/12/28 22:07:31 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/12/24 20:03:24 | 00,921,624 | ---- | C] () -- C:\img2-001.raw
[2009/12/24 19:54:47 | 00,524,144 | ---- | C] () -- C:\WINDOWS\System32\LcProxy.ax
[2009/12/24 19:54:47 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/12/24 19:54:47 | 00,013,023 | ---- | C] () -- C:\WINDOWS\VX3000.src
[2009/12/24 19:44:31 | 00,156,984 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/22 22:50:20 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\AVS4YOU Software Navigator.lnk
[2009/12/22 22:48:59 | 00,000,899 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\AVS Video Converter 6.lnk
[2009/12/22 22:36:46 | 00,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2009/12/22 22:15:04 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\DVDx.lnk
[2009/12/22 21:07:23 | 00,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink DVD Suite.lnk
[2009/12/18 00:38:50 | 00,019,968 | ---- | C] () -- d:\My Documents\0800533433 yell.doc
[2009/12/17 12:54:37 | 01,488,896 | ---- | C] () -- d:\My Documents\netgear setup.doc
[2009/12/16 20:40:29 | 03,973,120 | ---- | C] () -- d:\My Documents\DG834Gv4_V5.01.14.img
[2009/08/14 12:36:49 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/27 01:38:20 | 00,014,211 | R--- | C] () -- C:\WINDOWS\twacker.ini
[2009/06/27 01:37:56 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2009/06/27 01:37:56 | 00,078,336 | ---- | C] () -- C:\WINDOWS\System32\LTIMG62N.DLL
[2009/06/27 01:37:56 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2009/06/27 01:37:56 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2009/06/27 01:37:11 | 00,000,036 | ---- | C] () -- C:\WINDOWS\WebCamC.ini
[2009/04/22 18:40:14 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/22 18:40:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/19 15:41:05 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2009/02/01 15:41:11 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2009/01/25 21:10:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 00:14:27 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\PUTTY.RND
[2009/01/08 23:01:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/15 23:28:44 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/12/09 11:15:31 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/12/04 16:57:22 | 00,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/10/09 22:39:59 | 00,182,272 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 22:28:53 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/10/09 20:10:36 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2008/10/09 17:50:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/10/09 17:44:08 | 00,000,862 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/24 17:51:14 | 00,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2007/12/05 08:38:32 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\vsppg8.dll
[2007/12/05 08:38:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MabryCHM.DLL
[2007/11/06 20:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/05 00:00:00 | 00,011,863 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini
[2005/03/06 21:06:44 | 00,331,846 | ---- | C] () -- C:\WINDOWS\System32\geoStarsLib.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 22:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/25 19:02:14 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2000/12/22 06:51:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 16:12:40 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
< End of report >
OTL Extras logfile created on: 15/01/2010 01:33:12 - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\xxxxxxxx\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
511.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.20 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive D: | 35.47 Gb Total Space | 2.04 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: xxxxxxxx
Current User Name: xxxxxxxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Disabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe" = C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe:*:Enabled:Ubiquiti AirControl -- (Apache Software Foundation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\APC\APC Back-UPS HS\CFGUtil.exe" = C:\Program Files\APC\APC Back-UPS HS\CFGUtil.exe:*:Disabled:CFGUtil -- ()
"C:\Program Files\SolarWinds\Engineer's Toolset\Cisco-Config-Viewer.exe" = C:\Program Files\SolarWinds\Engineer's Toolset\Cisco-Config-Viewer.exe:*:Disabled:Cisco Config Viewer -- (SolarWinds)
"C:\Program Files\i-sure Data Backup\Agent.exe" = C:\Program Files\i-sure Data Backup\Agent.exe:*:Disabled:Connected Backup Agent -- (Iron Mountain Incorporated)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Disabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\Java\j2re1.4.2\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\SolarWinds\Engineer's Toolset\SNMP-Brute-Force-Attack.exe" = C:\Program Files\SolarWinds\Engineer's Toolset\SNMP-Brute-Force-Attack.exe:*:Disabled:SNMP Brute Force Attack -- (SolarWinds)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Disabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07f69bca-de5a-460a-b4eb-919040ae18bd}" = Nero 9 Essentials
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E528EAB-EC8A-45C4-8EB2-5F9C57E17984}" = Tenable Nessus
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Ubiquiti Client Installation Program
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C753B1-DB3B-4853-9D77-B5037DD63E73}" = AirMagnet Surveyor
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = i-sure business unlimited Data Backup Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = CardBus
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F87F082-F68F-49DA-981F-5DC86A9AEBF1}" = AirMagnet Laptop
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E1E729C7-1B3E-41FA-8788-B26E362EFF70}" = SolarWinds Engineer's Toolset v9
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E7DF4F40-A0CE-430E-8B3B-DB7C8DF1C1A2}" = ActivePerl 5.10.1 Build 1006
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1A1FA1C-5973-4355-A7DC-FED4AEA7D1BC}" = APC Back-UPS HS
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AMP Font Viewer" = AMP Font Viewer
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative VF0470" = Creative Live! Cam Notebook Driver (1.01.01.00)
"Creative WebCam Control" = Creative WebCam Control
"Creative WebCam Monitor" = Creative WebCam Monitor
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1E528EAB-EC8A-45C4-8EB2-5F9C57E17984}" = Tenable Nessus
"InstallShield_{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = PCI 7510 CardBus Controller with SmartCard and Software
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E1E729C7-1B3E-41FA-8788-B26E362EFF70}" = SolarWinds Engineer's Toolset v9
"IObit Security 360_is1" = IObit Security 360
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Nero8Lite_is1" = Nero 8 Lite
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Radio Mobile Deluxe" = Radio Mobile Deluxe 7.6.3
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Spotify" = Spotify
"Stylin' Studio_is1" = Stylin' Studio v1.0
"SystemRequirementsLab" = System Requirements Lab
"Tag&Rename_is1" = Tag&Rename 3.2
"TightVNC_is1" = TightVNC 1.2.9
"TomTom HOME" = TomTom HOME 2.7.2.1825
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.5 Beta
"Ubiquiti AirControl" = Ubiquiti AirControl (remove only)
"Ultravnc2_is1" = UltraVNC 1.0.8.0
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.0.6
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Radio Mobile" = Radio Mobile
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/01/2010 17:21:39 | Computer Name = xxxxxxxx | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, faulting module urlmon.dll,
version 6.0.2900.3592, fault address 0x000053c6.
Error - 07/01/2010 17:46:50 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.FakeAV in File: C:\Documents and Settings\xxxxxxxx\Local
Settings\Temp\owxsermnca.tmp by: Realtime Protection scan. Action: Clean failed
: Quarantine succeeded : Access denied
Error - 09/01/2010 14:16:51 | Computer Name = xxxxxxxx | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/01/2010 16:56:27 | Computer Name = xxxxxxxx | Source = nview_info | ID = 11141121
Description =
Error - 14/01/2010 05:31:00 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\ydbkaxo.exe by: Realtime
Protection scan. Action: Clean failed : Quarantine succeeded : Access denied
Error - 14/01/2010 05:34:26 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Zbot in File: C:\WINDOWS\Temp\xtap.tmp\svchost.exe
by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access
denied
Error - 14/01/2010 05:34:28 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\Documents and Settings\xxxxxxxx\Local
Settings\Temp\wncoasmerx.tmp by: Realtime Protection scan. Action: Clean failed
: Quarantine succeeded : Access denied
Error - 14/01/2010 05:34:28 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\Documents and Settings\xxxxxxxx\Local
Settings\Temp\xQHF.dll by: Realtime Protection scan. Action: Clean failed : Quarantine
succeeded : Access denied
Error - 14/01/2010 21:17:58 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
by: Manual scan. Action: Clean failed : Quarantine failed : Virus Found!Virus
name: Backdoor.Tidserv!inf in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir_
by: Manual scan. Action: Clean failed : Quarantine failed : Virus Found!Virus
name: JS.Downloader in File: D:\phone backup 2 jun\PHONE CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT>>Unknown1d1f8.data
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: Bloodhound.Exploit.213 in File: D:\phone backup 2 jun\PHONE CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT>>Unknown20034.data
by: Manual scan. Action: Clean failed : Quarantine succeeded :
Error - 14/01/2010 21:18:32 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: D:\phone backup 2 jun\PHONE
CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT>>Unknown25548.data by: Manual scan.
Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: in File:
D:\phone backup 2 jun\PHONE CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT by: Manual
scan. Action: Clean failed : Quarantine succeeded :
[ System Events ]
Error - 15/11/2009 19:28:33 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 15/11/2009 19:28:33 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.
Error - 15/11/2009 19:33:01 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 15/11/2009 19:33:01 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 15/11/2009 19:33:21 | Computer Name = xxxxxxxx | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{276008DE-EA3D-45A1-A38B-599A4A879BE4}
because another computer on the network has the same name. The server could not
start.
Error - 15/11/2009 19:57:44 | Computer Name = xxxxxxxx | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.
< End of report >
Edited by commsgeek, 14 January 2010 - 08:54 PM.