I am going to post your logs. It makes it easier for me to research them. I will reply with your next step after I review these logs.
ComboFix 10-09-26.04 - Robbie 27/09/2010 17:27:30.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1982.1502 [GMT 1:00]
Running from: c:\documents and settings\Robbie\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Robbie\My Documents\Downloads\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FILE ::
"c:\windows\Gseqi.dat"
"c:\windows\Lfinogunewu.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Gseqi.dat
c:\windows\Lfinogunewu.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_twbn
((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.
2010-09-27 12:48 . 2010-09-27 12:48 48240 ----a-w- c:\documents and settings\Robbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-25 10:43 . 2010-09-25 10:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 12:38 . 2007-06-27 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-15 15:44 . 2008-06-27 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-09-14 06:40 . 2010-06-01 12:28 -------- d-----w- c:\program files\isposure
2010-09-13 19:50 . 2010-06-01 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Epitiro
2010-09-11 00:50 . 2010-06-07 15:47 391096 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2010-09-01 13:40 . 2010-09-01 13:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView
2010-09-01 13:40 . 2010-09-01 06:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-09-01 06:19 . 2010-09-01 06:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-30 13:34 . 2010-09-25 11:06 1496064 ----a-w- c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 13:33 . 2010-09-25 11:06 43008 ----a-w- c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 13:33 . 2010-09-25 11:06 338944 ----a-w- c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 13:33 . 2010-09-25 11:06 346112 ----a-w- c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-20 11:03 . 2010-02-16 11:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 20:21 . 2010-08-16 20:21 503808 ----a-w- c:\documents and settings\Aria\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a3df969-n\msvcp71.dll
2010-08-16 20:21 . 2010-08-16 20:21 499712 ----a-w- c:\documents and settings\Aria\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a3df969-n\jmc.dll
2010-08-16 20:21 . 2010-08-16 20:21 348160 ----a-w- c:\documents and settings\Aria\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a3df969-n\msvcr71.dll
2010-08-16 20:21 . 2010-08-16 20:21 61440 ----a-w- c:\documents and settings\Aria\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a11140c-n\decora-sse.dll
2010-08-16 20:21 . 2010-08-16 20:21 12800 ----a-w- c:\documents and settings\Aria\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a11140c-n\decora-d3d.dll
2010-08-16 20:17 . 2010-06-07 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2010-08-13 07:02 . 2010-06-07 15:47 1066936 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-08-11 06:32 . 2010-06-07 15:47 100280 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\LGMLauncher.exe
2010-08-11 06:14 . 2010-06-07 15:47 106496 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-08-11 06:14 . 2010-06-07 15:47 524288 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-08-10 09:42 . 2008-04-25 14:04 -------- d-----w- c:\documents and settings\Robbie\Application Data\webex
2010-08-09 11:55 . 2010-08-09 11:55 348160 ----a-w- c:\documents and settings\Robbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c96bd9d-n\msvcr71.dll
2010-08-09 11:55 . 2010-08-09 11:55 503808 ----a-w- c:\documents and settings\Robbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c96bd9d-n\msvcp71.dll
2010-08-09 11:55 . 2010-08-09 11:55 499712 ----a-w- c:\documents and settings\Robbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c96bd9d-n\jmc.dll
2010-08-09 11:55 . 2010-08-09 11:55 61440 ----a-w- c:\documents and settings\Robbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6a669882-n\decora-sse.dll
2010-08-09 11:55 . 2010-08-09 11:55 12800 ----a-w- c:\documents and settings\Robbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6a669882-n\decora-d3d.dll
2010-08-06 18:13 . 2007-08-30 15:11 -------- d-----w- c:\program files\LEGO Media
2010-08-06 18:13 . 2005-12-05 14:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 13:07 . 2010-02-04 11:38 -------- d-----w- c:\documents and settings\Robbie\Application Data\Azureus
2010-07-20 12:01 . 2010-07-20 12:01 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-20 11:58 . 2010-07-20 11:58 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-20 11:58 . 2010-07-20 11:58 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-20 11:58 . 2010-07-20 11:58 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-20 11:58 . 2010-07-20 11:58 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-20 11:57 . 2010-07-20 11:57 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-20 11:57 . 2010-07-20 11:57 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-20 11:57 . 2010-07-20 11:57 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-20 11:57 . 2010-07-20 11:57 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-20 11:57 . 2010-07-20 11:57 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-20 11:57 . 2010-07-20 11:57 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-20 11:56 . 2010-07-20 11:56 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-20 11:56 . 2010-07-20 11:56 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-20 11:54 . 2010-04-07 13:45 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-20 11:53 . 2010-04-07 13:45 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-30 12:31 . 2006-09-08 07:07 149504 ----a-w- c:\windows\system32\schannel.dll
2003-01-03 19:36 . 2007-09-20 07:50 77824 -c--a-w- c:\program files\Startup.exe
2009-09-16 12:03 . 2008-04-25 14:03 27976 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-16 12:03 . 2008-04-25 14:03 125848 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-07 13:00 . 2009-05-07 13:00 46408 -c--a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-07 13:00 . 2009-05-07 13:00 98712 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2006-05-03 09:06 . 2010-07-06 05:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-07-06 05:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-07-06 05:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\drivers\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2006-09-08 07:03
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
c:\qoobox\32788R22FWJFW\atapi.sys [x]
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP652\A0179657.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-07 06:57 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-06-07 2515552]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-16 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 15:28 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 12:08 102448]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [27/03/2009 17:08 33920]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [26/06/2007 16:44 362944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 17:26 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [16/01/2009 13:30 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [26/06/2007 16:32 17149]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [10/11/2009 09:01 10752]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/02/2008 09:16 13352]
S3 Normandy;Normandy SR2; [x]
S4 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [23/10/2008 08:43 761856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/09/2009 10:20 721904]
.
Contents of the 'Scheduled Tasks' folder
2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2007-10-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4184941943.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
2010-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-27 23:32]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 16:26]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 16:26]
2010-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2060882461-2450895983-4138926186-1007Core.job
- c:\documents and settings\Robbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-12 13:29]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2060882461-2450895983-4138926186-1007UA.job
- c:\documents and settings\Robbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-12 13:29]
2010-09-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 14:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: sungard.com\away
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://away.sungard.com/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://away.sungard.com/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://away.sungard.com/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://away.sungard.com/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
FF - ProfilePath - c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{d6ecae88-2910-4a5b-a7c6-3dee8318a3bc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{d6ecae88-2910-4a5b-a7c6-3dee8318a3bc}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\documents and settings\Robbie\Application Data\Mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\Robbie\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-09-27 17:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Completion time: 2010-09-27 17:44:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-27 16:44
ComboFix2.txt 2010-09-27 13:33
Pre-Run: 16,228,413,440 bytes free
Post-Run: 16,250,732,544 bytes free
- - End Of File - - B8AAC62AC8153E1876C34AAC1505244E
OTL logfile created on: 27/09/2010 17:50:24 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Robbie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.38 Gb Total Space | 15.14 Gb Free Space | 20.92% Space Free | Partition Type: NTFS
Drive D: | 275.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ML29BL75
Current User Name: Robbie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/09/27 17:49:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\Desktop\OTL.exe
PRC - [2009/01/16 13:31:08 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/01/16 13:31:06 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/01/16 13:31:02 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/01/16 13:31:00 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/01/16 13:30:56 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 13:34:35 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Modules (SafeList) ========== MOD - [2010/09/27 17:49:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/01 13:30:39 | 000,761,856 | ---- | M] (Epitiro Ltd.) [Disabled | Stopped] -- C:\Program Files\isposure\IsposureAgent.exe -- (isposure_svc)
SRV - [2009/01/16 13:31:08 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/01/16 13:31:08 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/01/16 13:31:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/01/16 13:31:00 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/01/16 13:30:56 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/09/13 14:59:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Fxdrv.sys -- (FXDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/15 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100926.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100926.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 08:33:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/09/02 10:20:19 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/06 12:02:29 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/27 17:09:03 | 000,033,920 | ---- | M] (F5 Networks, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/03/27 17:09:00 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/01/16 13:31:10 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/16 13:31:10 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/16 13:31:10 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/16 13:30:46 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/01/16 13:30:46 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/01/16 13:30:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/01/16 13:30:40 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/11/21 22:47:48 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/11/21 22:47:48 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/02/15 09:16:01 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/02/15 09:16:01 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2007/10/26 12:20:40 | 004,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/06/25 10:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 10:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 10:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 10:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 10:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 10:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/13 20:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/04/03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/03/13 18:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 18:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 18:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 18:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 18:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005/09/26 09:02:50 | 000,362,944 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005/03/04 04:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 13:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 13:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 13:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 13:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 13:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 13:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 13:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 13:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 13:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 13:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 13:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 13:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 13:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 13:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 13:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {d6ecae88-2910-4a5b-a7c6-3dee8318a3bc}:2.5.6.0
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.5
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.110
FF - prefs.js..extensions.enabledItems: {d5eeb813-935a-435d-b01e-b3a02f2cb408}:0.8.7.2
FF - prefs.js..extensions.enabledItems: ivanaffic@gmail.com:0.1
FF - prefs.js..extensions.enabledItems: admin@silveos.com:1.0.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{A29ED805-40E1-43BE-A9D8-35278E05F5D8}: C:\Documents and Settings\Robbie\Local Settings\Application Data\{A29ED805-40E1-43BE-A9D8-35278E05F5D8}\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 11:44:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 09:03:25 | 000,000,000 | ---D | M]
[2008/06/19 12:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Extensions
[2010/09/27 14:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions
[2010/04/28 08:53:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/25 12:06:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/26 11:46:14 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/02/03 16:41:46 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/02/04 10:37:21 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/02/04 12:37:51 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/08/19 08:43:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/10 10:24:23 | 000,000,000 | ---D | M] (Aviary) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2010/03/02 07:52:57 | 000,000,000 | ---D | M] (InfinityMW Toolbar) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{d6ecae88-2910-4a5b-a7c6-3dee8318a3bc}
[2009/06/10 09:37:03 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/07/27 16:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\admin@silveos.com
[2008/03/27 09:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/07/27 16:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\ivanaffic@gmail.com
[2009/06/16 15:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\extensions\turntoolviewer@turntool.com
[2010/06/10 10:24:34 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\op38twbf.default\searchplugins\aviary.xml
[2010/09/27 13:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/16 13:03:25 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/09/16 13:03:26 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/05/07 14:00:13 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/05/07 14:00:20 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/05/07 13:59:53 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/09/27 17:35:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sungard.com ([away] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sungard.com ([away] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1}
https://away.sungard.com/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT AntiViruses Class)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446}
https://away.sungard.com/vdesk/terminal/urx...0,2009,327,1607 (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1}
https://away.sungard.com/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E}
https://away.sungard.com/vdesk/terminal/f5t...0,2009,811,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74}
https://away.sungard.com/vdesk/terminal/Ins...,2009,0828,1616 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9}
https://away.sungard.com/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT ProcessesScanner Class)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200}
http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab (FixController Control)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE}
https://away.sungard.com/vdesk/terminal/f5I...,2009,0828,1604 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupdate/...b?1182883224353 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/microsoftu...b?1183392199203 (MUWebControl Class)
O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5}
http://www.scotlandspeople.gov.uk/Viewers/...ol/viewdw32.ocx (ViewDirector Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}
http://v4.windowsupdate.microsoft.com/CAB/...39259.487974537 (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}
https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7}
https://away.sungard.com/vdesk/terminal/urx...0,2009,327,1553 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://sungard.webex.com/client/T26L10NSP4...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2}
https://away.sungard.com/vdesk/terminal/urx...0,2009,828,1606 (F5 Networks Host Control)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04}
https://away.sungard.com/vdesk/terminal/f5o...0,2010,331,1206 (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 13:56:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/08/28 18:05:06 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/09/27 17:49:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robbie\Desktop\OTL.exe
[2010/09/27 13:55:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/27 13:50:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/27 13:50:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/27 13:50:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/27 13:50:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/27 13:49:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/27 13:47:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/25 11:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/09/25 11:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/09/13 21:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/01/14 20:08:25 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008/01/14 20:08:25 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/01/14 20:08:25 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/01/14 20:08:25 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/09/27 17:49:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\Desktop\OTL.exe
[2010/09/27 17:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/27 17:36:01 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/27 17:35:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/27 17:35:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/27 17:35:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/27 17:35:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/27 17:35:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/27 17:33:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Robbie\ntuser.ini
[2010/09/27 17:33:30 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Robbie\NTUSER.DAT
[2010/09/27 17:22:49 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\RKUnhookerLE.EXE
[2010/09/27 17:22:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\MBRCheck.exe
[2010/09/27 17:19:23 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/09/27 17:03:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2060882461-2450895983-4138926186-1007UA.job
[2010/09/27 17:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/27 13:55:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/27 13:48:44 | 000,048,240 | ---- | M] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/27 13:37:37 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/26 09:49:38 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/26 09:49:37 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 08:03:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2060882461-2450895983-4138926186-1007Core.job
[2010/09/15 17:21:10 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\Shortcut to RKUnhookerLE.EXE.lnk
[2010/09/15 17:07:51 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Robbie\defogger_reenable
[2010/09/15 16:53:33 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\Shortcut to HijackThis.exe.lnk
[2010/09/15 16:43:46 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/09/15 16:43:46 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/09/15 12:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/13 21:02:50 | 001,077,734 | -H-- | M] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\IconCache.db
[2010/09/13 20:55:48 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/08/31 09:44:40 | 000,001,242 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/31 09:44:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/09/27 17:22:47 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\RKUnhookerLE.EXE
[2010/09/27 17:22:36 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\MBRCheck.exe
[2010/09/27 13:55:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/27 13:55:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/27 13:50:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/27 13:50:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/27 13:50:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/27 13:50:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/27 13:50:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/26 09:49:37 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/25 12:24:32 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\gmer.exe
[2010/09/15 17:21:10 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\Shortcut to RKUnhookerLE.EXE.lnk
[2010/09/15 17:07:39 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Robbie\defogger_reenable
[2010/09/15 16:53:33 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\Shortcut to HijackThis.exe.lnk
[2010/06/07 16:47:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/06/07 16:47:19 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/12/17 16:31:31 | 000,000,253 | ---- | C] () -- C:\WINDOWS\Creator.INI
[2009/11/12 12:27:45 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/10/22 14:20:17 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Hornby.INI
[2009/10/22 14:06:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/07/31 02:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/07/07 17:09:04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/21 22:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 22:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/30 14:57:48 | 000,000,525 | -H-- | C] () -- C:\Documents and Settings\Robbie\Application Data\hpothb07.tif
[2008/06/30 14:57:48 | 000,000,380 | -H-- | C] () -- C:\Documents and Settings\Robbie\Application Data\hpothb07.dat
[2008/04/25 15:04:04 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/04/18 11:21:53 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/01/14 20:08:37 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/01/14 11:57:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/01/14 11:57:39 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2007/09/20 08:50:09 | 000,077,824 | ---- | C] () -- C:\Program Files\Startup.exe
[2007/09/01 16:53:09 | 000,000,154 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/08/02 08:26:48 | 000,029,480 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/08/02 08:25:48 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/20 15:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2007/07/03 16:17:01 | 000,002,876 | ---- | C] () -- C:\Documents and Settings\Robbie\Application Data\HPCOM_48BitScanUpdate.log
[2007/07/03 16:17:01 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/06/29 11:41:45 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/27 15:28:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/09/08 18:02:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/18 14:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/12/06 12:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/05 12:42:07 | 000,001,454 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/02 00:39:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/02 00:39:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73933431
< End of report >
OTL Extras logfile created on: 27/09/2010 17:50:24 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Robbie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.38 Gb Total Space | 15.14 Gb Free Space | 20.92% Space Free | Partition Type: NTFS
Drive D: | 275.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ML29BL75
Current User Name: Robbie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00428418-D4AE-4A2B-B866-825F0BF7EC67}" = LG PC Suite II
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{928EE567-49F9-4082-A7B3-9BB82CD3C0FE}" = Microsoft Office Communicator 2007 R2
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FB8CAC0-CCF6-47C9-8EDE-3AC69FD61033}" = Nero 7 Premium
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}" = isposure (installed by tbbMeter)
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AllToAVI" = AllToAVI v4 r5394
"AnswerWorks" = AnswerWorks Runtime
"Audacity_is1" = Audacity 1.2.6
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"foobar2000" = foobar2000 v0.9.6.9
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Games Engine1.2" = Games Engine
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"Hornby Virtual Railway" = Hornby Virtual Railway
"HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
"hp psc 2100 series_Driver" = hp psc 2100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"LEGO Creator" = LEGO Creator
"LEGO LOCO" = LEGO LOCO
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3 Editor For Free_is1" = Mp3 Editor For Free v6.0.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"OPSWAT AV Libraries" = OPSWAT AntiVirus and Firewall Integration Libraries
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PRJPRO" = Microsoft Office Project Professional 2007
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Superscape 3D Control" = Superscape 3D Control
"Switch" = Switch Sound File Converter
"ToolBox" = NCH Toolbox
"Tweak UI 2.10" = Tweak UI
"Update Service" = Update Service
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"4024056026.www.tv2.no" = TV2 Sporten
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 26/09/2010 02:41:05 | Computer Name = ML29BL75 | Source = Google Update | ID = 20
Description =
Error - 26/09/2010 03:03:05 | Computer Name = ML29BL75 | Source = Google Update | ID = 20
Description =
Error - 26/09/2010 03:41:05 | Computer Name = ML29BL75 | Source = Google Update | ID = 20
Description =
Error - 26/09/2010 04:03:05 | Computer Name = ML29BL75 | Source = Google Update | ID = 20
Description =
Error - 26/09/2010 04:41:05 | Computer Name = ML29BL75 | Source = Google Update | ID = 20
Description =
Error - 27/09/2010 08:40:08 | Computer Name = ML29BL75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 27/09/2010 08:40:39 | Computer Name = ML29BL75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 27/09/2010 08:41:10 | Computer Name = ML29BL75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 27/09/2010 08:41:40 | Computer Name = ML29BL75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 27/09/2010 09:05:17 | Computer Name = ML29BL75 | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7000
Description = The Windows Audio service failed to start due to the following error:
%%1053
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the lanmanworkstation service.
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1053
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%231
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1053
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7000
Description = The Help and Support service failed to start due to the following
error: %%231
Error - 27/09/2010 09:23:45 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 27/09/2010 12:35:32 | Computer Name = ML29BL75 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
< End of report >
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 168):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xBA4BC000 cpqarray.sys
0xB9F31000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9F19000 atapi.sys
0xBA4C0000 aha154x.sys
0xBA338000 sparrow.sys
0xBA4C4000 symc810.sys
0xBA0D8000 aic78xx.sys
0xBA4C8000 dac960nt.sys
0xBA0E8000 ql10wnt.sys
0xBA4CC000 amsint.sys
0xBA340000 asc.sys
0xBA4D0000 asc3550.sys
0xBA348000 mraid35x.sys
0xBA350000 i2omp.sys
0xBA4D4000 ini910u.sys
0xBA0F8000 ql1240.sys
0xBA108000 aic78u2.sys
0xBA358000 symc8xx.sys
0xBA360000 sym_hi.sys
0xBA368000 sym_u3.sys
0xBA370000 ABP480N5.SYS
0xBA378000 asc3350p.sys
0xBA5B6000 cd20xrnt.sys
0xBA118000 ultra.sys
0xB9F00000 adpu160m.sys
0xBA380000 dpti2o.sys
0xBA128000 ql1080.sys
0xBA138000 ql1280.sys
0xBA148000 ql12160.sys
0xBA388000 perc2.sys
0xBA5B8000 perc2hib.sys
0xBA390000 hpn.sys
0xBA4D8000 cbidf2k.sys
0xB9ED4000 dac2w2k.sys
0xBA158000 disk.sys
0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EB4000 fltmgr.sys
0xB9EA2000 sr.sys
0xBA178000 PxHelp20.sys
0xB9E8B000 KSecDD.sys
0xB9E78000 WudfPf.sys
0xB9DEB000 Ntfs.sys
0xB9DBE000 NDIS.sys
0xBA188000 Combo-Fix.sys
0xBA198000 viaagp.sys
0xBA1A8000 uagp35.sys
0xB9DA4000 Mup.sys
0xBA1B8000 alim1541.sys
0xBA1C8000 amdagp.sys
0xBA1D8000 agpCPQ.sys
0xB96BB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB961E000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xB960A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB95F7000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xB96AB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB969B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB95D4000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA468000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB95B0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB91C1000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB919D000 \SystemRoot\system32\drivers\portcls.sys
0xB968B000 \SystemRoot\system32\drivers\drmk.sys
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB967B000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA590000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9189000 \SystemRoot\system32\DRIVERS\parport.sys
0xB966B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA480000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA488000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA490000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA6ED000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB965B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9172000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA498000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA4A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\covpndrv.sys
0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9114000 \SystemRoot\system32\DRIVERS\update.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA248000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA268000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9843000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB7B7A000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB7A51000 \SystemRoot\system32\DRIVERS\WPN111.sys
0xB7905000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\NAVEX15.SYS
0xB78E0000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB78CC000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\NAVENG.SYS
0xBA560000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA2C8000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA420000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9D4C000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xBA6EE000 \SystemRoot\System32\Drivers\Null.SYS
0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA57C000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xBA438000 \SystemRoot\System32\drivers\vga.sys
0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA580000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB77F9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB9D3C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB77A0000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB7772000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB774A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB7724000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9D2C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB7702000 \SystemRoot\System32\drivers\afd.sys
0xB9D1C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB7699000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xB766E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB75FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB96DB000 \SystemRoot\System32\Drivers\Fips.SYS
0xB75A0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB7583000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB9CDC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7543000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA626000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7BD0000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA77F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB300F000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB300B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2B7E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2A51000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2C3B000 \SystemRoot\system32\drivers\sysaudio.sys
0xB28E4000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA418000 \??\C:\DOCUME~1\Robbie\LOCALS~1\Temp\mbr.sys
0xB23F3000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA428000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB7AD2000 \??\C:\ComboFix\catchme.sys
0xBA660000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB2288000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 31):
0 System Idle Process
4 System
396 C:\WINDOWS\system32\smss.exe
444 csrss.exe
468 C:\WINDOWS\system32\winlogon.exe
512 C:\WINDOWS\system32\services.exe
524 C:\WINDOWS\system32\lsass.exe
672 C:\WINDOWS\system32\svchost.exe
720 svchost.exe
760 C:\WINDOWS\system32\svchost.exe
800 C:\WINDOWS\system32\svchost.exe
892 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
960 svchost.exe
1000 svchost.exe
1352 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1496 C:\WINDOWS\system32\spoolsv.exe
1652 svchost.exe
1700 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1884 C:\Program Files\Java\jre6\bin\jqs.exe
172 C:\WINDOWS\system32\svchost.exe
304 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2172 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
2208 alg.exe
3872 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3988 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
4012 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2792 C:\WINDOWS\explorer.exe
2480 C:\WINDOWS\system32\notepad.exe
2380 C:\WINDOWS\system32\ctfmon.exe
3588 C:\WINDOWS\notepad.exe
316 C:\Documents and Settings\Robbie\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`13876400 (NTFS)
PhysicalDrive0 Model Number: ExcelStorTechnologyJ880, Rev: PF2OA21B
Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 5695AAF95A32284894D71211499743BB702112B6
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB91C1000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBF012000 C:\WINDOWS\System32\vtdisp.dll 3493888 bytes (VIA/S3 Graphics Co, Ltd., VIA/S3G Graphics Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7905000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0xB9DEB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB75FE000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7699000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
0xB75A0000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB9114000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB77A0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7A51000 C:\WINDOWS\system32\DRIVERS\WPN111.sys 364544 bytes (NETGEAR, Inc., Driver for NETGEAR WPN111)
0xB28E4000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB7B7A000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB23F3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB961E000 C:\WINDOWS\system32\DRIVERS\vtmini.sys 249856 bytes (Copyright © VIA/S3 Graphics Co, Ltd., VIA/S3G Miniport Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7772000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0xB2B7E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DBE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9ED4000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xB2288000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB766E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB774A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7724000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB78E0000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xB919D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB95B0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB95D4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB7702000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EB4000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7583000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9DA4000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F00000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB9F19000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7543000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9F31000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E8B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9172000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2A51000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB78CC000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB9189000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB960A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB77F9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB95F7000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 77824 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9E78000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EA2000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9CDC000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB96AB000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB967B000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA188000 Combo-Fix.sys 61440 bytes
0xB968B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB969B000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB2C3B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA268000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA108000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xBA0D8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBA168000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9D4C000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB966B000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB965B000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA148000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA138000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA228000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1D8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xBA1B8000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xBA1C8000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB96DB000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA1A8000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xBA198000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA248000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA178000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA128000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA0F8000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xBA2C8000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA238000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB96BB000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB9D3C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9D1C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB20F8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA0E8000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA118000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xB9D2C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB7AD2000 C:\ComboFix\catchme.sys 32768 bytes
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\covpndrv.sys 32768 bytes (F5 Networks, Corp., VPNDRV NDIS WAN/TAPI Miniport for Windows.)
0xBA448000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA358000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xBA368000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA340000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA390000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA388000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xBA360000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA370000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xBA378000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xBA490000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA418000 C:\DOCUME~1\Robbie\LOCALS~1\Temp\mbr.sys 24576 bytes
0xBA488000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)
0xBA428000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA438000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA380000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xBA350000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xBA348000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xBA440000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA338000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xBA498000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3E8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB300F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA4C0000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xBA4D0000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xBA4D8000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xBA4BC000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xBA4C8000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xBA4D4000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB300B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4C4000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xBA560000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4CC000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB7BD0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9843000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA594000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5AC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xBA610000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B6000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xBA5AE000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xBA626000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA60E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B4000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA612000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5B8000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xBA660000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xBA614000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5DE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5B0000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xBA5E0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5B2000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6ED000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA77F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6EE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [kbdhid.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [i2omp.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [symtdi.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [mouclass.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [kbdclass.sys]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [srtsp.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [imapi.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [srtspx.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [mrxsmb.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [viaide.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [i2omgmt.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [atapi.sys]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)