
HACKED? getting [UNKNOWN IP]?after.php=[URL I WAS GOING TO]


1 reply to this topic

#1 GreenyG

Posted 05 October 2010 - 09:23 AM

Hi,

About 40% of the time I click on links on my PC I get an extra tab open up with [UNKNOWN IP]?after.php=[URL I WAS GOING TO]

i.e. something like: 204.87.65.45/?after.php=www.bleepingcomputer.com

I couldn't get RKUnhooker.exe to generate a report but I have included my HijackThis report, OTL report and ComboFix report.

If anyone can help me I would be so grateful as this is my work PC and I'm scared it's being hacked. Also I can't just back up my data to DVD as there are terabytes of info on there!

Thanks in advance,

Liam


HIJACK THIS

CODE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:13:26, on 05/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\netdde.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Digidesign\Drivers\MMERefresh.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\notepad.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataCardMonitor] I:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] I:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "I:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] I:\WINDOWS\System32\MAFWTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] I:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Azureus] I:\Program Files\Vuze\Azureus.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "I:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - I:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - I:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - I:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - I:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 5324 bytes


Combo Fix
CODE
ComboFix 10-10-04.02 - Liam 05/10/2010  13:03:18.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3071.2600 [GMT 1:00]
Running from: i:\documents and settings\Liam\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 101004-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\documents and settings\All Users\Start Menu\Programs\Trojan Guarder
i:\documents and settings\All Users\Start Menu\Programs\Trojan Guarder\Contact Us.lnk
i:\documents and settings\All Users\Start Menu\Programs\Trojan Guarder\Help.lnk
i:\documents and settings\All Users\Start Menu\Programs\Trojan Guarder\Trojan Guarder.lnk
i:\documents and settings\All Users\Start Menu\Programs\Trojan Guarder\Uninstall.lnk
i:\documents and settings\All Users\Start Menu\Programs\Trojan Guarder\Visit Our Site.lnk
i:\documents and settings\Liam\Recent\Thumbs.db
i:\program files\Internet Explorer\SET42A4.tmp
i:\program files\Trojan Guarder
i:\program files\Trojan Guarder\_ConnectAllow_.txt
i:\program files\Trojan Guarder\_ConnectDeny_.txt
i:\program files\Trojan Guarder\Anti_Virus Help.chm
i:\program files\Trojan Guarder\AquaOS.dll
i:\program files\Trojan Guarder\BlackList.txt
i:\program files\Trojan Guarder\BlockList.txt
i:\program files\Trojan Guarder\bttom.jpg
i:\program files\Trojan Guarder\button.png.map
i:\program files\Trojan Guarder\clpt.dll
i:\program files\Trojan Guarder\config.ini
i:\program files\Trojan Guarder\Contact.exe
i:\program files\Trojan Guarder\EGhostLog.txt
i:\program files\Trojan Guarder\fmon.sys
i:\program files\Trojan Guarder\hook.dll
i:\program files\Trojan Guarder\msvcm.dll
i:\program files\Trojan Guarder\NetGuardBlack.txt
i:\program files\Trojan Guarder\NetGuardWhite.txt
i:\program files\Trojan Guarder\Products.htm
i:\program files\Trojan Guarder\pthreadVC2.dll.map
i:\program files\Trojan Guarder\rars.dll.map
i:\program files\Trojan Guarder\sfx.bmp
i:\program files\Trojan Guarder\skin.png.map
i:\program files\Trojan Guarder\SkinPPWTL.dll
i:\program files\Trojan Guarder\softhook.dll
i:\program files\Trojan Guarder\Trojan Guarder.exe
i:\program files\Trojan Guarder\trojan.update
i:\program files\Trojan Guarder\unins000.dat
i:\program files\Trojan Guarder\unins000.exe
i:\program files\Trojan Guarder\unism.dll
i:\program files\Trojan Guarder\unrar.dll.map
i:\program files\Trojan Guarder\update.exe
i:\program files\Trojan Guarder\Visit Our Site.url
i:\windows\system32\uninstall.exe

.
(((((((((((((((((((((((((   Files Created from 2010-09-05 to 2010-10-05  )))))))))))))))))))))))))))))))
.

2010-10-05 11:39 . 2010-10-05 11:39    388096    ----a-r-    i:\documents and settings\Liam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-05 11:39 . 2010-10-05 11:39    --------    d-----w-    i:\program files\Trend Micro
2010-09-21 15:36 . 2010-09-21 15:37    --------    d-----w-    I:\stuff
2010-09-17 16:14 . 2010-09-17 16:13    53632    ----a-w-    i:\documents and settings\Liam\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-17 16:14 . 2010-09-17 16:13    53632    ----a-w-    i:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-17 15:53 . 2010-09-17 15:53    --------    d-----w-    i:\program files\VisualLightBox

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 11:59 . 2010-07-16 17:05    --------    d-----w-    i:\documents and settings\All Users\Application Data\Kodak
2010-10-05 11:59 . 2010-02-16 15:37    --------    d-----w-    i:\program files\Common Files\Akamai
2010-10-05 11:58 . 2010-02-16 15:52    --------    d-----w-    i:\documents and settings\Liam\Application Data\Azureus
2010-10-05 11:54 . 2010-02-11 17:09    --------    d-----w-    i:\documents and settings\Liam\Application Data\Spotify
2010-10-05 11:32 . 2009-11-12 14:18    --------    d-----w-    i:\program files\Yahoo!
2010-10-05 11:32 . 2009-11-12 14:18    --------    d-----w-    i:\program files\Common Files\Scanner
2010-10-05 11:23 . 2010-04-06 19:17    --------    d-----w-    i:\program files\Microsoft Silverlight
2010-10-05 10:50 . 2010-08-25 14:41    --------    d-----w-    i:\documents and settings\Liam\Application Data\TweetAdder3
2010-10-04 20:50 . 2010-02-24 13:53    --------    d-----w-    i:\documents and settings\Liam\Application Data\vlc
2010-10-04 17:01 . 2009-07-18 03:27    --------    d-----w-    i:\program files\Common Files\Adobe
2010-10-01 15:28 . 2009-07-18 03:51    46232    ----a-w-    i:\documents and settings\Liam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-30 17:03 . 2009-12-02 16:17    1    ----a-w-    i:\documents and settings\Liam\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-29 18:12 . 2010-08-02 14:24    --------    d-----w-    i:\program files\Mozilla Thunderbird
2010-09-26 19:59 . 2010-07-20 10:52    --------    d-----w-    i:\program files\Google
2010-09-20 23:52 . 2010-08-25 14:39    --------    d-----w-    i:\program files\Tweet Adder 3
2010-09-20 13:02 . 2010-07-27 16:48    --------    d-----w-    i:\documents and settings\Liam\Application Data\DivX
2010-09-17 16:14 . 2009-07-18 03:27    --------    d-----w-    i:\program files\Common Files\Adobe AIR
2010-09-15 16:25 . 2010-03-17 14:02    --------    d-----w-    i:\documents and settings\Liam\Application Data\dvdcss
2010-09-07 02:36 . 2010-08-04 16:51    30876    ---ha-w-    i:\windows\system32\mlfcache.dat
2010-08-27 11:16 . 2010-04-06 14:12    --------    d-----w-    i:\documents and settings\Liam\Application Data\TweetAdder.com
2010-08-25 13:28 . 2009-11-12 14:18    --------    d-----w-    i:\program files\Common Files\LogiShrd
2010-08-25 13:28 . 2009-11-12 14:00    --------    d-----w-    i:\documents and settings\All Users\Application Data\LogiShrd
2010-08-25 13:27 . 2009-11-12 14:00    --------    d-----w-    i:\program files\Common Files\Logitech
2010-08-25 13:27 . 2009-07-18 02:52    --------    d--h--w-    i:\program files\InstallShield Installation Information
2010-08-25 13:27 . 2010-08-25 13:27    10134    ----a-r-    i:\documents and settings\Liam\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2010-08-24 15:55 . 2009-07-18 00:46    --------    d-----w-    i:\program files\Kaspersky Lab
2010-08-18 16:18 . 2010-09-01 15:36    52224    ----a-w-    i:\documents and settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-08-18 16:18 . 2010-09-01 15:36    101376    ----a-w-    i:\documents and settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-08-17 13:17 . 2007-07-27 12:00    58880    ----a-w-    i:\windows\system32\spoolsv.exe
2010-08-10 18:16 . 2010-02-16 15:50    --------    d-----w-    i:\program files\Vuze
2010-08-10 10:04 . 2009-12-04 21:09    --------    d-----w-    i:\documents and settings\Liam\Application Data\SendSpace Wizard
2010-08-02 10:31 . 2010-08-02 10:31    310208    ----a-w-    i:\documents and settings\Liam\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-07-27 16:49 . 2010-07-27 16:49    57344    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-27 16:48 . 2010-07-27 16:48    56765    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-27 16:48 . 2010-07-27 16:48    56997    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-27 16:48 . 2010-07-27 16:48    53600    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-27 16:48 . 2010-07-27 16:48    57715    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-27 16:48 . 2010-07-27 16:48    84054    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-27 16:48 . 2010-07-27 16:48    57054    ----a-w-    i:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-26 19:34 . 2010-07-26 19:34    73000    ----a-w-    i:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-22 15:49 . 2007-07-27 12:00    590848    ----a-w-    i:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-07-18 03:52    5120    ----a-w-    i:\windows\system32\xpsp4res.dll
2009-07-19 03:09 . 2009-07-18 00:46    7702048    --sha-w-    i:\windows\system32\drivers\fidbox.dat
2009-07-19 03:09 . 2009-07-18 00:46    557088    --sha-w-    i:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "i:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="i:\documents and settings\Liam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-17 135664]
"Azureus"="i:\program files\Vuze\Azureus.exe" [2010-08-10 227328]
"DAEMON Tools Pro Agent"="i:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"DataCardMonitor"="i:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2009-07-27 253952]
"WTClient"="WTClient.exe" [2009-10-05 32768]
"avast!"="i:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"PWRISOVM.EXE"="i:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"AdobeCS4ServiceManager"="i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"M-Audio Taskbar Icon"="i:\windows\System32\MAFWTray.exe" [2008-03-03 252424]
"DigidesignMMERefresh"="i:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-03-11 35328]
"Conime"="i:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="i:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28    72208    ----a-w-    i:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"i:\\Program Files\\HP Wireless Printer Adapter\\ConnectMgr.exe"=
"i:\\Program Files\\HP Wireless Printer Adapter\\SelectPrinter.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"i:\\Program Files\\Spotify\\spotify.exe"=
"i:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"i:\\Program Files\\Vuze\\Azureus.exe"=
"i:\\Documents and Settings\\Liam\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"i:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"i:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Program Files\\fotobounce\\FBEngine.exe"=
"i:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"9322:TCP"= 9322:TCP:EKDiscovery
"1099:TCP"= 1099:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;avast! Self Protection;i:\windows\system32\drivers\aswSP.sys [18/11/2009 13:52 114768]
R2 Akamai;Akamai NetSession Interface;i:\windows\System32\svchost.exe -k Akamai [27/07/2007 13:00 14336]
R2 aswFsBlk;aswFsBlk;i:\windows\system32\drivers\aswFsBlk.sys [18/11/2009 13:52 20560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;i:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 12:49 284016]
R3 hpnuhst;HP NUSB Host;i:\windows\system32\drivers\hpnuhst.sys [28/10/2009 19:17 12032]
R3 HPNUHUB;HP NUSB Hub;i:\windows\system32\drivers\hpnuhub.sys [28/10/2009 19:17 39552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [20/07/2010 11:53 136176]
S3 HPWPAUSB;Wireless Printer Adapter;i:\windows\system32\drivers\HPWPAUSB.sys [28/10/2009 18:39 18560]
S3 MBAMSwissArmy;MBAMSwissArmy;i:\windows\system32\drivers\mbamswissarmy.sys [15/02/2010 15:30 38224]
S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\i:\docume~1\Liam\LOCALS~1\Temp\7zS1FC.tmp\SCPMPR5.SYS --> i:\docume~1\Liam\LOCALS~1\Temp\7zS1FC.tmp\SCPMPR5.SYS [?]
S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\i:\docume~1\Liam\LOCALS~1\Temp\7zS1FC.tmp\SCPNDIS5.SYS --> i:\docume~1\Liam\LOCALS~1\Temp\7zS1FC.tmp\SCPNDIS5.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 sptd;sptd;i:\windows\system32\drivers\sptd.sys [24/03/2010 17:45 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
Akamai    REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-10-05 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 10:52]

2010-10-05 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 10:52]

2010-10-04 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1482476501-682003330-1003Core.job
- i:\documents and settings\Liam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 12:46]

2010-10-04 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1482476501-682003330-1003UA.job
- i:\documents and settings\Liam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 12:46]

2010-10-05 i:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1482476501-682003330-1003.job
- i:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-10-03 i:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1482476501-682003330-1003.job
- i:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
FF - ProfilePath - i:\documents and settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\
FF - component: i:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: i:\documents and settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: i:\documents and settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: i:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: i:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: i:\documents and settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: i:\documents and settings\Liam\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: i:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: i:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-SLABCOMM - i:\windows\system32\uninstall.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
i:\program files\common files\logitech\bluetooth\LBTWlgn.dll
i:\program files\common files\logitech\bluetooth\LBTServ.dll
i:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-10-05  13:11:41
ComboFix-quarantined-files.txt  2010-10-05 12:11

Pre-Run: 27,379,843,072 bytes free
Post-Run: 43,657,740,288 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F12B773728F1EA8F4B75CC4648FD28F2


OTL.txt
CODE
OTL logfile created on: 05/10/2010 14:52:53 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): I:\pagefile.sys 0 0 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 978.05 Mb Total Space | 159.45 Mb Free Space | 16.30% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.88 Gb Total Space | 40.70 Gb Free Space | 17.48% Space Free | Partition Type: NTFS

Computer Name: BANTER-STATION2
Current User Name: Liam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - I:\WINDOWS\system32\BC2FB8FA.exe ()
PRC - C:\OTL.exe (OldTimer Tools)
PRC - I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - I:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe (DT Soft Ltd)
PRC - I:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - I:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - I:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\OTL.exe (OldTimer Tools)
MOD - I:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (BC2FB8FA) -- I:\WINDOWS\system32\BC2FB8FA.exe ()
SRV - (Akamai) -- i:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (Apple Mobile Device) -- I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state) -- I:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- I:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- I:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinTabService) -- I:\WINDOWS\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (avast! Antivirus) -- I:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- I:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Kodak AiO Network Discovery Service) -- I:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (LBTServ) -- I:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (DigiRefresh) -- I:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (Tablet2k) -- I:\WINDOWS\System32\Drivers\Tablet2k.sys File not found
DRV - (SCPNDIS5) -- I:\DOCUME~1\Liam\LOCALS~1\Temp\7zS1FC.tmp\SCPNDIS5.SYS File not found
DRV - (SCPMPR5) -- I:\DOCUME~1\Liam\LOCALS~1\Temp\7zS1FC.tmp\SCPMPR5.SYS File not found
DRV - (sptd) -- I:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (MBAMSwissArmy) -- I:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SCDEmu) -- I:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (aswMon2) -- I:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- I:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- I:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- I:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- I:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- I:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (gdrv) -- I:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (UCTblHid) -- I:\WINDOWS\system32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- I:\WINDOWS\system32\drivers\TClass2k.sys (Tablet Driver)
DRV - (nv) -- I:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adfs) -- I:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (hwdatacard) -- I:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (61883) -- I:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (gameenum) -- I:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- I:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HPWPAUSB) -- I:\WINDOWS\system32\drivers\HPWPAUSB.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HPNUHUB) -- I:\WINDOWS\system32\drivers\hpnuhub.sys (Hewlett-Packard Development Company)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- I:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (COMMONFX.DLL) -- I:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- I:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- I:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- I:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- I:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- I:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- I:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- I:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- I:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- I:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- I:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (LMouFilt) -- I:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- I:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- I:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (ctsfm2k) -- I:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- I:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap17v2k) -- I:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- I:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- I:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- I:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- I:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- I:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- I:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- I:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hpnuhst) -- I:\WINDOWS\system32\drivers\hpnuhst.sys (Hewlett-Packard Development Company)
DRV - (nvnetbus) -- I:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- I:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- I:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (TPkd) -- I:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (slabser) -- I:\WINDOWS\system32\drivers\slabser.sys (MCCI)
DRV - (slabbus) CP2101 USB Composite Device driver (WDM) -- I:\WINDOWS\system32\drivers\slabbus.sys (MCCI)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - I:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: I:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/02 17:11:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/17 16:46:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: I:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/19 12:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/09/02 13:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/09/02 13:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: I:\Program Files\Mozilla Thunderbird\components [2010/08/25 17:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: I:\Program Files\Mozilla Thunderbird\plugins

[2010/08/02 15:24:47 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Mozilla\Extensions
[2010/08/02 15:24:47 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Liam\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/18 05:10:11 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Liam\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/24 15:46:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions
[2010/09/01 16:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/01 16:36:14 | 000,000,000 | ---D | M] (DownloadHelper) -- I:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/01 16:36:13 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- I:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/02/11 15:39:04 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ld3qaixd.default\extensions\firefox@tvunetworks.com
[2010/09/24 15:46:27 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010/09/02 13:09:24 | 000,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/02 17:11:41 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/19 04:07:54 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/09/02 13:09:19 | 000,023,512 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/02 13:09:19 | 000,137,176 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/02 17:11:30 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/09/02 13:09:21 | 000,064,984 | ---- | M] (mozilla.org) -- I:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/17 16:46:30 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/07/26 20:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/07/26 20:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/07/26 20:43:53 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/07/26 20:43:53 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/07/26 20:43:53 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/07/26 20:43:53 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/07/26 20:43:53 | 000,159,744 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/03/17 16:46:52 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/03/17 16:46:12 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/11/02 15:13:36 | 000,001,538 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/02 15:13:36 | 000,002,193 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 15:13:36 | 000,000,947 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/02 15:13:36 | 000,001,534 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 15:13:36 | 000,000,769 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/02 15:13:36 | 000,002,371 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 15:13:36 | 000,001,178 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 15:13:36 | 000,000,831 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/05 13:10:16 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - I:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] I:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] I:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Conime] I:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] I:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] I:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DataCardMonitor] I:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] I:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] I:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [iTunesHelper] I:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] I:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] I:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] I:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WTClient] I:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [Azureus] I:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] I:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - I:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - I:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - I:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - I:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - I:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - I:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - I:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - I:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - I:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - i:\program files\common files\logitech\bluetooth\LBTWlgn.dll - i:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - I:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - I:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - I:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: I:\Documents and Settings\Liam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Liam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - I:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - I:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - I:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - I:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - I:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/17 18:08:45 | 000,000,000 | R--D | M] - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 12:59:50 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2010/10/05 12:59:50 | 000,161,792 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2010/10/05 12:59:50 | 000,136,704 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2010/10/05 12:59:50 | 000,031,232 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2010/10/05 12:59:44 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2010/10/05 12:58:17 | 000,000,000 | ---D | C] -- I:\ComboFix
[2010/10/05 12:57:51 | 000,000,000 | ---D | C] -- I:\Qoobox
[2010/10/05 12:39:39 | 000,000,000 | ---D | C] -- I:\Program Files\Trend Micro
[2010/10/04 18:01:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Liam\Desktop\Adobe Application Manager 1.0
[2010/10/01 15:26:15 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Liam\Desktop\100EOS5D
[2010/09/21 16:36:54 | 000,000,000 | ---D | C] -- I:\stuff
[2010/09/17 17:20:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Liam\My Documents\VisualLightBox
[2010/09/17 16:53:06 | 000,000,000 | ---D | C] -- I:\Program Files\VisualLightBox
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- I:\WINDOWS\System32\a3d.dll
[7 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 14:08:06 | 000,000,972 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1482476501-682003330-1003UA.job
[2010/10/05 13:58:01 | 000,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 13:50:15 | 000,006,656 | ---- | M] () -- I:\WINDOWS\System32\BC2FB8FA.exe
[2010/10/05 13:13:22 | 000,002,445 | ---- | M] () -- I:\Documents and Settings\Liam\Desktop\HiJackThis.lnk
[2010/10/05 13:11:42 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/10/05 13:10:21 | 000,000,227 | ---- | M] () -- I:\WINDOWS\system.ini
[2010/10/05 13:10:16 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
[2010/10/05 12:59:43 | 000,002,422 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/10/05 12:59:41 | 000,000,276 | ---- | M] () -- I:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1482476501-682003330-1003.job
[2010/10/05 12:59:40 | 000,000,878 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 12:59:17 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/10/05 12:58:36 | 007,864,320 | -H-- | M] () -- I:\Documents and Settings\Liam\NTUSER.DAT
[2010/10/05 12:58:35 | 000,031,104 | ---- | M] () -- I:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000004-20011102}.rfx
[2010/10/05 12:58:35 | 000,031,104 | ---- | M] () -- I:\WINDOWS\System32\BMXState-{00000001-00000000-00000006-00001102-00000004-20011102}.rfx
[2010/10/05 12:58:35 | 000,030,168 | ---- | M] () -- I:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000004-20011102}.rfx
[2010/10/05 12:58:35 | 000,030,168 | ---- | M] () -- I:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000004-20011102}.rfx
[2010/10/05 12:58:35 | 000,011,564 | ---- | M] () -- I:\WINDOWS\System32\DVCState-{00000001-00000000-00000006-00001102-00000004-20011102}.rfx
[2010/10/05 12:37:15 | 000,215,715 | ---- | M] () -- I:\WINDOWS\System32\nvapps.xml
[2010/10/05 12:23:18 | 002,058,472 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/05 12:09:55 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\Liam\ntuser.ini
[2010/10/05 11:49:51 | 088,961,535 | ---- | M] () -- I:\Documents and Settings\Liam\Desktop\IMG_5958.psd
[2010/10/05 11:36:47 | 000,012,917 | ---- | M] () -- I:\Documents and Settings\Liam\Desktop\takedown report.odt
[2010/10/04 21:08:01 | 000,000,920 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1482476501-682003330-1003Core.job
[2010/10/04 19:42:01 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/03 16:31:06 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1482476501-682003330-1003.job
[2010/10/03 15:37:32 | 000,321,217 | ---- | M] () -- I:\Documents and Settings\Liam\Desktop\SA.jpg
[2010/10/02 18:16:54 | 028,242,055 | ---- | M] () -- I:\Documents and Settings\Liam\Desktop\KT_greenscreenFRAME.psd
[2010/10/01 16:28:27 | 000,046,232 | ---- | M] () -- I:\Documents and Settings\Liam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/29 11:55:54 | 005,345,276 | ---- | M] () -- I:\Documents and Settings\Liam\Desktop\4925663371_b1787fba7a_o.jpg
[2010/09/23 00:06:53 | 000,122,368 | ---- | M] () -- I:\Documents and Settings\Liam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 03:03:41 | 000,001,374 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2010/09/07 03:36:53 | 000,030,876 | -H-- | M] () -- I:\WINDOWS\System32\mlfcache.dat
[7 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/10/05 13:50:15 | 000,006,656 | ---- | C] () -- I:\WINDOWS\System32\BC2FB8FA.exe
[2010/10/05 12:59:50 | 000,256,512 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2010/10/05 12:59:50 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2010/10/05 12:59:50 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2010/10/05 12:59:50 | 000,077,312 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2010/10/05 12:59:50 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2010/10/05 12:39:39 | 000,002,445 | ---- | C] () -- I:\Documents and Settings\Liam\Desktop\HiJackThis.lnk
[2010/10/05 11:49:45 | 088,961,535 | ---- | C] () -- I:\Documents and Settings\Liam\Desktop\IMG_5958.psd
[2010/10/05 11:36:39 | 000,012,917 | ---- | C] () -- I:\Documents and Settings\Liam\Desktop\takedown report.odt
[2010/10/02 18:16:51 | 028,242,055 | ---- | C] () -- I:\Documents and Settings\Liam\Desktop\KT_greenscreenFRAME.psd
[2010/09/29 11:55:54 | 005,345,276 | ---- | C] () -- I:\Documents and Settings\Liam\Desktop\4925663371_b1787fba7a_o.jpg
[2010/09/29 11:55:25 | 000,321,217 | ---- | C] () -- I:\Documents and Settings\Liam\Desktop\SA.jpg
[2010/07/20 17:08:32 | 000,000,192 | ---- | C] () -- I:\WINDOWS\PCHF_sysSpec.INI
[2010/07/16 17:55:39 | 000,399,074 | ---- | C] () -- I:\Documents and Settings\Liam\Local Settings\Application Data\installer.log
[2010/05/27 15:48:59 | 000,000,215 | ---- | C] () -- I:\WINDOWS\STRYBORD.INI
[2010/04/06 15:14:46 | 007,365,632 | ---- | C] () -- I:\Documents and Settings\Liam\Application Data\TweetAdder
[2010/03/22 14:15:14 | 000,217,088 | ---- | C] () -- I:\WINDOWS\System32\qtmlClient.dll
[2010/01/11 14:31:17 | 000,135,168 | ---- | C] () -- I:\WINDOWS\System32\WinPenTools.dll
[2009/12/09 16:05:31 | 000,003,513 | ---- | C] () -- I:\WINDOWS\Tablet5500x4000M.ini
[2009/11/12 15:18:11 | 000,000,760 | ---- | C] () -- I:\Documents and Settings\Liam\Application Data\setup_ldm.iss
[2009/11/09 19:34:49 | 000,200,704 | ---- | C] () -- I:\WINDOWS\System32\WinTab32.dll
[2009/11/09 19:34:49 | 000,010,240 | ---- | C] () -- I:\WINDOWS\System32\ucinst32.dll
[2009/10/28 20:01:45 | 000,000,342 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/20 03:06:31 | 002,463,976 | ---- | C] () -- I:\WINDOWS\System32\NPSWF32.dll
[2009/07/20 02:05:08 | 000,168,448 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[2009/07/20 02:05:08 | 000,000,038 | ---- | C] () -- I:\WINDOWS\avisplitter.ini
[2009/07/20 02:05:07 | 003,596,288 | ---- | C] () -- I:\WINDOWS\System32\qt-dx331.dll
[2009/07/20 02:05:07 | 000,881,664 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2009/07/20 02:05:07 | 000,205,824 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2009/07/20 02:05:06 | 000,085,504 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll
[2009/07/20 02:05:06 | 000,000,547 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/19 20:54:43 | 000,122,368 | ---- | C] () -- I:\Documents and Settings\Liam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:52:49 | 000,008,708 | ---- | C] () -- I:\WINDOWS\Ascd_log.ini
[2009/07/18 01:52:34 | 000,008,670 | ---- | C] () -- I:\WINDOWS\Ascd_tmp.ini
[2009/07/18 01:51:53 | 000,010,288 | ---- | C] () -- I:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/28 00:03:00 | 001,724,416 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/28 00:03:00 | 001,503,232 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2009/03/28 00:03:00 | 001,101,824 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2009/03/28 00:03:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- I:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- I:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- I:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- I:\WINDOWS\System32\CTBurst.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- I:\WINDOWS\System32\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- I:\WINDOWS\System32\ctmmactl.dll
[2004/03/15 16:29:12 | 000,000,061 | ---- | C] () -- I:\WINDOWS\System32\uninstall.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010/02/16 16:52:08 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/22 01:07:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Blender Foundation
[2010/03/24 17:45:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/26 20:48:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/19 21:30:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/04 17:49:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Applied Recognition Inc
[2010/10/05 12:58:23 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Azureus
[2009/07/22 01:07:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Blender Foundation
[2010/04/06 14:50:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1
[2010/03/24 17:52:36 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\DAEMON Tools Pro
[2010/08/04 17:46:34 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Downloaded Installations
[2010/06/24 18:09:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\FileZilla
[2009/12/02 21:19:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\FontCreator
[2010/08/04 17:50:02 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Fotobounce.5A4B2D7CDB401C978E159E6BB968B150A9B58BC9.1
[2009/11/13 20:11:18 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\gtk-2.0
[2009/07/27 09:50:59 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\HCM Updater
[2009/11/12 15:18:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Leadertech
[2010/07/01 15:24:07 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\MPEG Streamclip
[2009/12/02 17:16:20 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\OpenOffice.org
[2010/08/10 11:04:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\SendSpace Wizard
[2010/10/05 12:54:43 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Spotify
[2010/07/16 18:36:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Temp
[2010/08/02 15:24:41 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\Thunderbird
[2010/08/27 12:16:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\TweetAdder.com
[2010/10/05 11:50:11 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Liam\Application Data\TweetAdder3

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009/07/18 02:04:46 | 000,000,210 | -HS- | M] () -- I:\boot.ini
[2010/10/05 13:11:42 | 000,018,890 | ---- | M] () -- I:\ComboFix.txt
[2009/07/18 03:53:38 | 000,000,206 | ---- | M] () -- I:\csb.log
[2010/07/30 00:20:47 | 182,789,948 | ---- | M] () -- I:\flyer mock.psd
[2007/07/27 13:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2009/12/02 13:04:32 | 000,250,048 | RHS- | M] () -- I:\ntldr
[2010/10/05 12:59:11 | 3220,680,704 | -HS- | M] () -- I:\pagefile.sys

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[7 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Taks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/07/18 02:04:46 | 000,094,208 | ---- | M] () -- I:\WINDOWS\system32\config\default.sav
[2009/07/18 02:04:46 | 000,659,456 | ---- | M] () -- I:\WINDOWS\system32\config\software.sav
[2009/07/18 02:04:46 | 000,913,408 | ---- | M] () -- I:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
[2009/07/31 14:58:00 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/15 16:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
< End of report >


Extras.txt

CODE
OTL Extras logfile created on: 05/10/2010 14:52:53 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): I:\pagefile.sys 0 0 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 978.05 Mb Total Space | 159.45 Mb Free Space | 16.30% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.88 Gb Total Space | 40.70 Gb Free Space | 17.48% Space Free | Partition Type: NTFS

Computer Name: BANTER-STATION2
Current User Name: Liam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"1099:TCP" = 1099:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"I:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe" = I:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com -- ()
"I:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe" = I:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe:*:Enabled:WPS_ConnectMgr -- ()
"I:\Program Files\HP Wireless Printer Adapter\SelectPrinter.exe" = I:\Program Files\HP Wireless Printer Adapter\SelectPrinter.exe:*:Enabled:WPS_SelectPrinter -- ()
"I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"I:\Program Files\Spotify\spotify.exe" = I:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"I:\Program Files\TVUPlayer\TVUPlayer.exe" = I:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"I:\Program Files\Vuze\Azureus.exe" = I:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"I:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = I:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"I:\Program Files\Google\Google Earth\client\googleearth.exe" = I:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"I:\Program Files\Bonjour\mDNSResponder.exe" = I:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"I:\Program Files\iTunes\iTunes.exe" = I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"I:\Program Files\fotobounce\FBEngine.exe" = I:\Program Files\fotobounce\FBEngine.exe:*:Enabled:FBEngine -- ()
"I:\Program Files\Messenger\msmsgs.exe" = I:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}" = PACE System Files
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EDA4999-1113-4B01-8690-B91A8BE20C58}" = Tweet Adder 3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D0B3321-6B33-415D-AE8A-A9E1177ECF4D}" = Digidesign Pro Tools® M-Powered 6.8
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E791A7-8FB2-FF3C-C821-FECB09E2A8F5}" = Hummingbird
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D9CF5E60-42B1-489B-A0E2-9A6EE3DEB969}" = FireWire Family
"{DD45518C-FFEA-4CAD-8468-348963375BBC}" = Fotobounce
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_8bb24e071e5922899698c2105557bd2" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Emicsoft TOD Converter_is1" = Emicsoft TOD Converter
"FileZilla Client" = FileZilla Client 3.3.0.1
"FontCreator6_is1" = High-Logic FontCreator 6.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogoSmartz 5.0 Trial" = LogoSmartz 5.0 Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"NVIDIA Drivers" = NVIDIA Drivers
"PenScanner Twain Driver" = PenScanner Twain Driver
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"SendSpaceWizard" = SendSpace Wizard
"Spotify" = Spotify
"Storyboard tools" = Storyboard tools
"TVUPlayer" = TVUPlayer 2.5.0.1
"VisualLightBox" = VisualLightBox
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"web'n'walk Manager" = web'n'walk Manager
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 25/08/2010 10:07:17 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Temp\scoped_dir8947\TEMP_INSTALL\contentscript.js
failed, 00000005.  

Error - 25/08/2010 10:07:17 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Temp\scoped_dir8947\TEMP_INSTALL\manifest.json
failed, 00000005.  

Error - 25/08/2010 10:07:17 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Temp\scoped_dir8947\DECODED_IMAGES
failed, 00000005.  

Error - 25/08/2010 10:07:17 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Temp\scoped_dir8947\DECODED_MESSAGE_CATALOGS
failed, 00000005.  

Error - 11/09/2010 15:47:36 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100EOS5D\_MG_4093.JPG failed, 0000001E.  

Error - 27/09/2010 10:34:53 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\User
Data\Default\databases\http_www.entireweb.com_0\1-journal failed, 00000005.  

Error - 27/09/2010 10:34:53 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\User
Data\Default\databases\http_www.entireweb.com_0\1-journal failed, 00000005.  

Error - 27/09/2010 10:34:53 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\User
Data\Default\databases\http_www.entireweb.com_0\1-journal failed, 00000005.  

Error - 27/09/2010 10:34:53 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\User
Data\Default\databases\http_www.entireweb.com_0\1-journal failed, 00000005.  

Error - 27/09/2010 10:34:57 | Computer Name = BANTER-STATION2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Documents and Settings\Liam\Local Settings\Application Data\Google\Chrome\User
Data\Default\databases\http_www.entireweb.com_0\1 failed, 00000005.  

[ Application Events ]
Error - 28/09/2010 21:29:25 | Computer Name = BANTER-STATION2 | Source = Application Error | ID = 1000
Description = Faulting application xoftspyservice.exe, version 1.2.0.0, faulting
module Utility.pxt, version 1.2.0.0, fault address 0x00034468.

Error - 29/09/2010 06:53:05 | Computer Name = BANTER-STATION2 | Source = Application Hang | ID = 1002
Description = Hanging application WTGU.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/10/2010 11:29:57 | Computer Name = BANTER-STATION2 | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.66.73.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/10/2010 11:31:33 | Computer Name = BANTER-STATION2 | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.66.73.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/10/2010 18:31:42 | Computer Name = BANTER-STATION2 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x009a61ae.

Error - 05/10/2010 07:24:38 | Computer Name = BANTER-STATION2 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a61ae.

Error - 05/10/2010 07:29:29 | Computer Name = BANTER-STATION2 | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 05/10/2010 07:29:29 | Computer Name = BANTER-STATION2 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 05/10/2010 07:29:29 | Computer Name = BANTER-STATION2 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 05/10/2010 07:29:29 | Computer Name = BANTER-STATION2 | Source = Bonjour Service | ID = 100
Description = 260: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 01/10/2010 07:45:22 | Computer Name = BANTER-STATION2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more  time sources, however none of the sources are currently accessible.   No attempt
to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
time.

Error - 01/10/2010 07:45:24 | Computer Name = BANTER-STATION2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 01/10/2010 07:45:24 | Computer Name = BANTER-STATION2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more  time sources, however none of the sources are currently accessible.   No attempt
to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
time.

Error - 01/10/2010 07:45:46 | Computer Name = BANTER-STATION2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 01/10/2010 07:45:46 | Computer Name = BANTER-STATION2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more  time sources, however none of the sources are currently accessible.   No attempt
to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
time.

Error - 01/10/2010 10:07:23 | Computer Name = BANTER-STATION2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\D.

Error - 01/10/2010 20:58:29 | Computer Name = BANTER-STATION2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 03/10/2010 20:58:30 | Computer Name = BANTER-STATION2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 05/10/2010 07:23:24 | Computer Name = BANTER-STATION2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 05/10/2010 07:23:24 | Computer Name = BANTER-STATION2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
#2 kahdah

  • Security Colleague

Posted 12 October 2010 - 06:32 AM

Hello GreenyG

Welcome to BleepingComputer
==========================
One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it, please do the following:

===================
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here