Wohoo - Malwarebytes picked up on fxlevx.dll!
Please find the three logs requested below.
Cheers,
Scott.
***********************************************************
Malwarebytes' Anti-Malware 1.44
Database version: 3864
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
13/03/2010 21:52:46
mbam-log-2010-03-13 (21-52-46).txt
Scan type: Quick Scan
Objects scanned: 107279
Time elapsed: 4 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Scott\Local Settings\Application Data\Windows Server\fxlevx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
*************************************
OTL logfile created on: 13/03/2010 21:57:51 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Scott\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 45.96 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.84 Gb Free Space | 48.37% Space Free | Partition Type: NTFS
Drive E: | 700.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SCOTT-PC
Current User Name: Scott
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/13 21:47:31 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2008/11/21 13:55:13 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/23 22:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Ad-Aware\aawservice.exe
PRC - [2008/05/04 09:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 09:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 09:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 09:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
========== Modules (SafeList) ==========
MOD - [2010/03/13 21:47:31 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
MOD - [2008/01/21 02:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/21 18:43:33 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/21 18:43:31 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/16 18:37:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/21 14:04:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/21 13:55:17 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/21 18:43:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 20:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 11:20:28 | 000,000,000 | ---D | M]
[2009/06/20 16:54:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2010/03/10 03:05:10 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5rudk5l2.default\extensions
[2009/09/09 19:48:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5rudk5l2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/20 16:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/23 19:32:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/23 19:32:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/23 19:32:43 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/23 19:32:43 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Updater.lnk = C:\Users\Scott\AppData\Local\Temp\JDstart.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\My Documents\My Pictures\Austria\P1100075.JPG
O24 - Desktop BackupWallPaper: C:\My Documents\My Pictures\Austria\P1100075.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 02:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: aawservice - C:\Program Files\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: aawservice - C:\Program Files\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/03/13 21:47:31 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2010/03/13 21:44:50 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
[2010/03/13 21:44:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/13 21:44:46 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/13 21:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/13 21:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/13 21:44:15 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Scott\Desktop\mbam-setup.exe
[2010/03/13 17:27:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/13 17:27:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/13 17:27:42 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
[2010/03/13 17:17:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/13 17:17:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/13 17:17:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/13 17:17:42 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/13 17:12:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/13 17:03:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/13 17:01:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/12 16:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/03/12 16:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/03/09 21:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/03/09 16:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\PowerDataRecovery
[2010/03/08 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ontrack
[2010/03/08 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\R-TT
[2010/03/08 22:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\FILE RECOVERY for Windows
[2010/03/08 21:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2010/03/08 21:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\MagicRecovery Pro
[2010/03/08 21:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/08 20:35:20 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Windows Server
[2010/03/01 16:59:09 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Facebook
========== Files - Modified Within 14 Days ==========
[2010/03/13 21:58:30 | 002,883,584 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT
[2010/03/13 21:55:30 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/13 21:55:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/13 21:55:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 21:55:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 21:55:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/13 21:54:05 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/13 21:54:04 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/13 21:54:04 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/13 21:54:03 | 006,291,456 | -H-- | M] () -- C:\Users\Scott\AppData\Local\IconCache.db
[2010/03/13 21:47:31 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2010/03/13 21:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/13 21:44:20 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Scott\Desktop\mbam-setup.exe
[2010/03/13 20:55:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3860523018-654980446-2790135442-1000UA.job
[2010/03/13 17:25:03 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/13 17:01:19 | 003,888,953 | R--- | M] () -- C:\Users\Scott\Desktop\schrauber.exe
[2010/03/13 16:55:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3860523018-654980446-2790135442-1000Core.job
[2010/03/13 15:04:49 | 000,058,054 | ---- | M] () -- C:\Users\Scott\Desktop\not responding.jpg
[2010/03/13 14:43:00 | 001,998,620 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/13 14:43:00 | 000,827,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/13 14:43:00 | 000,004,884 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/13 14:37:01 | 282,433,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/13 13:28:01 | 000,293,376 | ---- | M] () -- C:\Users\Scott\Desktop\fxsls1rj.exe
[2010/03/13 13:22:25 | 000,524,288 | ---- | M] () -- C:\Users\Scott\Desktop\dds.scr
[2010/03/13 11:26:13 | 057,057,501 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/12 16:59:39 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/03/12 16:47:05 | 000,217,600 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 21:24:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/03/09 21:24:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/03/09 19:31:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/03/09 19:31:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/03/08 22:31:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/03/08 22:31:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/03/08 20:28:45 | 000,000,798 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Updater.lnk
[2010/03/07 21:11:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/03/07 21:11:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/03/06 19:15:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/03/06 19:15:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/03/03 22:41:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/03/03 22:41:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/03/02 22:40:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/03/02 22:40:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/02/28 21:33:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/28 21:33:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
========== Files Created - No Company Name ==========
[2010/03/13 17:17:49 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/13 17:17:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/13 17:17:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/13 17:17:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/13 17:17:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/13 17:01:09 | 003,888,953 | R--- | C] () -- C:\Users\Scott\Desktop\schrauber.exe
[2010/03/13 15:04:49 | 000,058,054 | ---- | C] () -- C:\Users\Scott\Desktop\not responding.jpg
[2010/03/13 13:33:54 | 282,433,758 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/13 13:26:20 | 000,293,376 | ---- | C] () -- C:\Users\Scott\Desktop\fxsls1rj.exe
[2010/03/13 13:21:40 | 000,524,288 | ---- | C] () -- C:\Users\Scott\Desktop\dds.scr
[2010/03/12 16:59:39 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/03/08 22:21:51 | 000,000,634 | ---- | C] () -- C:\Windows\System32\MAPISVC.INF
[2010/03/08 20:28:45 | 000,000,798 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Updater.lnk
[2009/08/22 09:50:26 | 000,000,089 | ---- | C] () -- C:\Users\Scott\AppData\Local\isdwibvh.bat
[2009/04/29 19:06:41 | 000,000,091 | ---- | C] () -- C:\Users\Scott\AppData\Local\iwekomo.bat
[2009/02/05 18:32:21 | 000,002,528 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\$_hpcst$.hpc
[2009/02/05 18:10:57 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/02/05 18:10:57 | 000,036,512 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/01/21 21:27:06 | 000,005,972 | ---- | C] () -- C:\Users\Scott\AppData\Local\d3d9caps.dat
[2008/12/13 15:09:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/13 13:56:08 | 000,217,600 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 21:16:57 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/11/21 21:16:57 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/11/21 21:16:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/11/21 21:16:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/11/21 21:16:57 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/11/21 21:16:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/11/21 13:46:15 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2010/03/11 02:05:01 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Azureus
[2010/03/01 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Facebook
[2009/02/20 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Samsung
[2010/03/13 21:54:06 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/11/21 21:02:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/11/21 21:02:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/11/21 21:02:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/11/21 21:02:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/11/21 21:02:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2007/09/06 16:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/06 16:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/06 16:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 16:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
< MD5 for: IASTORV.SYS >
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:24051EFF
< End of report >
**********************************************************
OTL Extras logfile created on: 13/03/2010 21:57:51 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Scott\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 45.96 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.84 Gb Free Space | 48.37% Space Free | Partition Type: NTFS
Drive E: | 700.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SCOTT-PC
Current User Name: Scott
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3860523018-654980446-2790135442-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0589AEB8-E988-4900-A262-D4D789ED269E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0CDCA752-6F92-475B-A5B3-DB3BBA572D59}" = rport=445 | protocol=6 | dir=out | app=system |
"{107A3237-483E-4524-B13B-04CFD3D7EFF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1CF4C927-1E58-435A-86F7-DA722AF8AD6A}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F2BB5AE-94C7-4E39-B336-11601C655873}" = lport=139 | protocol=6 | dir=in | app=system |
"{219A228B-17A3-47EC-8D18-B2B457526217}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2607D734-76CF-4304-9307-EF589AF37C93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2979DFB3-3B3F-4F60-8E14-69F7AF754B16}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A0197D2-1E39-40A5-AA5A-80E2B68E2549}" = rport=139 | protocol=6 | dir=out | app=system |
"{3ECAAD0A-9286-472B-AB8B-77E63AF57E79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{55AD2BE5-F83E-4A5C-A597-62BB5820E35B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59F104B7-E4FD-43D7-8DB2-8E18CECC7897}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{752BB0BF-F76D-44D5-BF68-A85E92CFB40D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{85F7541A-B422-4909-8996-AFF47621897F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A3EA811-ED01-4F19-9B8A-71397F9FE849}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BAA1785-8011-4D06-ACBC-2B0B0B2D6B3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B05D4697-1291-4751-BA47-0CDD7E95D566}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA13BB50-160B-45E2-990B-B65B547D21B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC191A5F-27B0-4704-BE70-6046DDFE611F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7680A3D-8D12-4B49-B534-3C6AAB0228C9}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8C605BE-548A-421A-BAB5-94AFD6EAA0C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04022FF2-387B-4769-9649-07EBB162B315}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{20C7DA59-F9C7-432C-B17E-43D8CB6170A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21707310-9234-4890-BA68-7B58BC2529C4}" = protocol=17 | dir=in | app=c:\itunes\itunes.exe |
"{2289FC62-92B3-451A-B2E9-B56FF68C0602}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3808A4E0-00FA-4793-BE17-E76B0C71E999}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47AFECD2-2BA0-4700-93AF-98A5A57F98D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{516CBD7E-8BC5-4C01-9EFD-240FA8308230}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{553868AC-5EE5-467D-857E-7822B0B08AD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5617AC48-FAD1-4764-8A66-44675E2B7CD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{62412AF8-D141-48B1-9531-3BF416EC14AA}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{6A6BA141-B45E-4186-8D61-826C583FB9C5}" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\temp\jdstart.exe |
"{6B9C5B74-6569-400D-99A1-D25985F90B6C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70E3BD44-0785-4F43-A9A1-58A5ECFD9342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8146BD3A-0473-414E-BE7B-691F2180BF38}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{835E7641-00BC-4903-9649-C80B6D5BE87D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{881E9AB5-7D32-47C8-A10E-F97458E486F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DCC0E53-36CF-4AF9-AD45-016A8BF0E3E1}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8EA41C0B-5909-43DC-86B7-79B968F6566B}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9F5C479E-11D5-462C-8D82-307E6A7008C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8552A2E-B219-40AF-A84D-1076371BABB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0D8E204-C9DB-42C9-B0C4-B94FFEA29BBC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B21ACEC1-EA4E-4657-947E-CCAAB73BAD83}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{B33856EF-1C32-4734-B99C-FA04A7F3AE2A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{BB2E6CFC-40C5-4B2E-8458-B2B8F0EE4251}" = protocol=6 | dir=in | app=c:\itunes\itunes.exe |
"{C34FF058-BC8A-43F3-8A65-946415BF60CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4A56EA4-E90E-455E-AC44-626417E9BC86}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C6DFAA13-927A-4979-A902-A053A89F0CA1}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CA2CA65D-0424-4EEC-B8F5-24B47240C22F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{CA6E549A-9D7E-4A0B-BDAE-0D900C5BF738}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{CD58207D-BC25-4ADF-A320-8A12837C36F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D66C6E05-D409-4A93-88E9-BB58EEC6A05A}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D6E56351-BD50-47FB-8F3A-5496B88315C1}" = protocol=6 | dir=out | app=system |
"{D82B8A44-2B68-4C7E-B58B-B517FA753067}" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\temp\jdstart.exe |
"{DB278A71-488A-4950-9F71-8B1F595F0DE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC2D6FEE-1903-4AFB-B420-DE96D2AB3EAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DCE8C840-9644-4CDE-8A1E-81E3FFE33735}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{E38100B5-59A3-4811-8AD0-E04B2E548949}" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\temp\svvchst32.exe |
"{E45333C9-6CAA-424F-B686-84366EB7768F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA4E3B19-732D-444F-AEED-01B63EB91F13}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{F74FFABB-6300-4AA3-8E34-094CF62CEB95}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{F9AAE6CB-AAA4-4EB8-B091-ABFC4BE53A2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA3DC7DC-B082-46DF-82AA-053E578AB8D2}" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\temp\svvchst32.exe |
"{FC296630-76E6-473F-867D-0E70879C9AC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{1BA5DC01-9C47-4468-B1B3-F7E06105D3C7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1F695519-2C7A-4031-B42B-CAC8485FB557}C:\games\warcraft ii bne\warcraft ii bne.exe" = protocol=6 | dir=in | app=c:\games\warcraft ii bne\warcraft ii bne.exe |
"TCP Query User{3D53F537-6B8E-4106-ABBA-997A1142EA1E}C:\games\warcraft ii bne\warcraft ii bne.exe" = protocol=6 | dir=in | app=c:\games\warcraft ii bne\warcraft ii bne.exe |
"TCP Query User{481821F9-A910-4470-A537-006E6E11808C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{63CA0F49-5C29-4946-8F11-550A9C9DB34E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{A533F68B-5883-4DFF-9A5A-68A6C02B5FC0}C:\games\warcraft ii bne\war2combat\warcraft ii bne.exe" = protocol=6 | dir=in | app=c:\games\warcraft ii bne\war2combat\warcraft ii bne.exe |
"TCP Query User{B5DAA281-43CE-4278-B208-7FFB57976AE4}C:\games\warcraft ii bne\war2combat\warcraft ii bne.exe" = protocol=6 | dir=in | app=c:\games\warcraft ii bne\war2combat\warcraft ii bne.exe |
"TCP Query User{B845D041-FB1D-4B40-89AE-B01986E16359}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{18E26D27-3A98-484D-8755-DD5E8DE1FD77}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{297C9AB6-07FE-4527-A9D5-45B680B40040}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2B2EB7A0-B513-4EE6-8403-F1A8199BB253}C:\games\warcraft ii bne\warcraft ii bne.exe" = protocol=17 | dir=in | app=c:\games\warcraft ii bne\warcraft ii bne.exe |
"UDP Query User{2B8A08DB-F545-4CA4-B4C4-08874D051604}C:\games\warcraft ii bne\warcraft ii bne.exe" = protocol=17 | dir=in | app=c:\games\warcraft ii bne\warcraft ii bne.exe |
"UDP Query User{4AE154FD-ECE3-4D0B-BC9A-4EE19E411BEC}C:\games\warcraft ii bne\war2combat\warcraft ii bne.exe" = protocol=17 | dir=in | app=c:\games\warcraft ii bne\war2combat\warcraft ii bne.exe |
"UDP Query User{5C47343F-480A-4F1A-A089-CE5BF2885B81}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{7C59772C-3A1F-4DAB-8131-C138E2965EC9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A45AB137-09E7-44E7-AD3D-4B44D050F622}C:\games\warcraft ii bne\war2combat\warcraft ii bne.exe" = protocol=17 | dir=in | app=c:\games\warcraft ii bne\war2combat\warcraft ii bne.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaInfo" = MediaInfo 0.7.8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"qsvxhk" = Favorit
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"VLC media player" = VLC media player 0.9.8a
"Vuze" = Vuze
"War2Combat_is1" = War2Combat 3.04
"WinRAR" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08/03/2010 17:12:35 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3011
Description =
Error - 08/03/2010 17:35:12 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3012
Description =
Error - 08/03/2010 17:35:12 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3011
Description =
Error - 08/03/2010 18:06:34 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3012
Description =
Error - 08/03/2010 18:06:34 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3011
Description =
Error - 08/03/2010 18:20:31 | Computer Name = Scott-PC | Source = VSS | ID = 8194
Description =
Error - 08/03/2010 18:26:33 | Computer Name = Scott-PC | Source = VSS | ID = 8194
Description =
Error - 09/03/2010 12:27:49 | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description =
Error - 09/03/2010 12:32:15 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3012
Description =
Error - 09/03/2010 12:32:15 | Computer Name = Scott-PC | Source = LoadPerf | ID = 3011
Description =
[ Broadcom Wireless LAN Events ]
Error - 12/03/2010 20:47:15 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 00:47:15, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 12/03/2010 20:47:15 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 00:47:15, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 11:00:28 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 15:00:28, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 11:00:29 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 15:00:29, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 13:09:00 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 17:09:00, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 13:09:00 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 17:09:00, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 14:21:22 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 18:21:22, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 14:21:22 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 18:21:22, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 17:54:03 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 21:54:03, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
Error - 13/03/2010 17:54:03 | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 21:54:03, Sat, Mar 13, 10 Error - User "" does not have administrative
privileges on this system
[ System Events ]
Error - 25/03/2009 14:36:41 | Computer Name = Scott-PC | Source = HTTP | ID = 15016
Description =
Error - 25/03/2009 14:37:43 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/03/2009 15:38:37 | Computer Name = Scott-PC | Source = bowser | ID = 8003
Description =
Error - 26/03/2009 04:19:50 | Computer Name = Scott-PC | Source = HTTP | ID = 15016
Description =
Error - 26/03/2009 04:21:15 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/03/2009 09:56:26 | Computer Name = Scott-PC | Source = bowser | ID = 8003
Description =
Error - 26/03/2009 12:57:19 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 26/03/2009 18:21:02 | Computer Name = Scott-PC | Source = bowser | ID = 8003
Description =
Error - 27/03/2009 07:33:27 | Computer Name = Scott-PC | Source = HTTP | ID = 15016
Description =
Error - 27/03/2009 07:34:27 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >