
HijackThis Log; Please Help Diagnose


  • This topic is locked
26 replies to this topic

#1 Jayhova

Posted 21 April 2011 - 06:36 AM

Ok please somebody help!!!
I am going insane!

I had a virus from some malware software. My wife said a popup came on screen saying do you want to run a safety check she clicked yes and that is where the problem started. It installed a virus that I thought I had deleted from the computer via malware bytes anti virus programme recommended on various forums/ websites!

I thought everything was fine but I can now not load up Google's website...Bings....Yahoo....and various other search engines! I love Google and it's very annoying!

I have tried many steps like dumping cache flushing etc various virus checkers but nothing can detect what is wrong until I found details similar to my problems on another forum! I have run the scan from HijackThis programme but do now want to delete any programmes that may harm the computer in the long run!!!!

Please please someone help me....the report from HijackThis is below!!!!!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:12, on 21/04/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25452
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 google.com.au
O1 - Hosts: 96.44.181.245 www.google.com.au
O1 - Hosts: 96.44.181.245 google.be
O1 - Hosts: 96.44.181.245 www.google.be
O1 - Hosts: 96.44.181.245 google.com.br
O1 - Hosts: 96.44.181.245 www.google.com.br
O1 - Hosts: 96.44.181.245 google.ca
O1 - Hosts: 96.44.181.245 www.google.ca
O1 - Hosts: 96.44.181.245 google.ch
O1 - Hosts: 96.44.181.245 www.google.ch
O1 - Hosts: 96.44.181.245 google.de
O1 - Hosts: 96.44.181.245 www.google.de
O1 - Hosts: 96.44.181.245 google.dk
O1 - Hosts: 96.44.181.245 www.google.dk
O1 - Hosts: 96.44.181.245 google.fr
O1 - Hosts: 96.44.181.245 www.google.fr
O1 - Hosts: 96.44.181.245 google.ie
O1 - Hosts: 96.44.181.245 www.google.ie
O1 - Hosts: 96.44.181.245 google.it
O1 - Hosts: 96.44.181.245 www.google.it
O1 - Hosts: 96.44.181.245 google.co.jp
O1 - Hosts: 96.44.181.245 www.google.co.jp
O1 - Hosts: 96.44.181.245 google.nl
O1 - Hosts: 96.44.181.245 www.google.nl
O1 - Hosts: 96.44.181.245 google.no
O1 - Hosts: 96.44.181.245 www.google.no
O1 - Hosts: 96.44.181.245 google.co.nz
O1 - Hosts: 96.44.181.245 www.google.co.nz
O1 - Hosts: 96.44.181.245 google.pl
O1 - Hosts: 96.44.181.245 www.google.pl
O1 - Hosts: 96.44.181.245 google.se
O1 - Hosts: 96.44.181.245 www.google.se
O1 - Hosts: 96.44.181.245 google.co.uk
O1 - Hosts: 96.44.181.245 google.co.za
O1 - Hosts: 96.44.181.245 www.google.co.za
O1 - Hosts: 96.44.181.245 www.bing.com
O1 - Hosts: 96.44.181.245 search.yahoo.com
O1 - Hosts: 96.44.181.245 www.search.yahoo.com
O1 - Hosts: 96.44.181.245 uk.search.yahoo.com
O1 - Hosts: 96.44.181.245 ca.search.yahoo.com
O1 - Hosts: 96.44.181.245 de.search.yahoo.com
O1 - Hosts: 96.44.181.245 fr.search.yahoo.com
O1 - Hosts: 96.44.181.245 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11287 bytes



#2 SweetTech


Posted 21 April 2011 - 06:03 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Seems like one issue you have is your Host File is infected.

Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
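
A triage pass over the hosts-file redirection noted above and the loopback proxy value visible in the posted HijackThis log, as an added example (not part of the original posts and not how HijackThis, OTM or OTL work). The function names and the `min_names` threshold are assumptions for illustration; the sample lines are copied from post #1 except the constructed `localhost` entry.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #1, plus one constructed
# loopback entry (the "localhost" line) to show what a benign O1 looks like.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25452
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 www.bing.com
O1 - Hosts: 96.44.181.245 search.yahoo.com
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
"""

# O1 = hosts-file entry; R0/R1 = Internet Explorer registry values.
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")
PROXY_RE = re.compile(r"^R[01] - (.+?),ProxyServer = (.+)$")


def _is_local(host: str) -> bool:
    """True for 'localhost' and loopback/unspecified addresses."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def find_hosts_redirects(log: str, min_names: int = 2) -> dict:
    """Group O1 entries by target address and return the non-local targets
    that at least `min_names` hostnames are pinned to (assumed threshold)."""
    by_ip = defaultdict(set)
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        addr, rest = m.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an address: malformed or truncated entry
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost mapping or 0.0.0.0-style block-list entry
        names = rest.split("#", 1)[0].split()  # drop a trailing hosts comment
        by_ip[str(ip)].update(n.lower() for n in names)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}


def find_local_proxy(log: str) -> list:
    """Return (registry key, host:port) for every ProxyServer value that
    points the browser at a listener on the local machine.

    ProxyServer only takes effect when ProxyEnable is 1, which this log
    line does not show, so a hit means "check ProxyEnable and find what
    owns that port", not "traffic is being proxied".
    """
    hits = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        # Value is either "host:port" or "http=host:port;https=host:port".
        for part in value.split(";"):
            endpoint = part.split("=", 1)[-1].strip()
            host = endpoint.rsplit(":", 1)[0]
            if _is_local(host):
                hits.append((key, endpoint))
    return hits


if __name__ == "__main__":
    for ip, names in find_hosts_redirects(SAMPLE_LOG).items():
        print(f"hosts file pins {len(names)} names to {ip}: {', '.join(names)}")
    for key, endpoint in find_local_proxy(SAMPLE_LOG):
        print(f"local proxy {endpoint} set under {key}")
```
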


#3 Jayhova


Posted 22 April 2011 - 07:00 AM

Thanks so much for getting back to me, it's much appreciated. I didn't get notice of your reply until I checked my previous forum post!!!

Here are the logs you requested. The computer is a slow notebook but it's so frustrating not having any search engine, the rest of internet works fine.....

What else do you need to know????



All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Jason\Desktop\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Desktop\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Jason
->Temp folder emptied: 42347078 bytes
->Temporary Internet Files folder emptied: 21503558 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5084005 bytes
->Google Chrome cache emptied: 7104810 bytes
->Flash cache emptied: 40792 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30742800 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
RecycleBin emptied: 546235142 bytes

Total Files Cleaned = 623.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 04222011_123444

------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 4/22/2011 12:40:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 29.19 Gb Free Space | 50.14% Space Free | Partition Type: NTFS
Drive D: | 155.13 Gb Total Space | 38.70 Gb Free Space | 24.95% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 12:40:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2011/04/22 12:06:09 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTM.exe
PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/05/11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/04/23 22:40:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/23 22:40:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/08/12 22:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 04:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 12:40:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/23 22:40:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/23 22:40:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 13:01:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/23 15:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/28 13:14:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 22:06:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/10 07:57:53 | 000,130,048 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/04/23 22:40:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/23 22:40:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/23 22:40:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/23 22:40:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/12 03:05:35 | 000,558,080 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SISGRKMD.sys -- (SiS6350)
DRV:64bit: - [2009/08/20 03:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/08/01 09:08:25 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 BD AD 2C E1 FD CB 01 [binary data]
IE - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25452

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/06 18:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/30 19:57:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/03 08:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/17 12:53:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/30 19:57:32 | 000,000,000 | ---D | M]

[2011/03/03 08:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Extensions
[2011/03/03 08:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Firefox\Profiles\9oexgti6.default\extensions
[2011/03/03 08:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/30 19:57:31 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011/03/06 18:57:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/19 03:22:36 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/02/19 03:22:36 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/02/19 03:22:36 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/02/19 03:22:36 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/31 23:36:24 | 000,002,127 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 google.com.au
O1 - Hosts: 96.44.181.245 www.google.com.au
O1 - Hosts: 96.44.181.245 google.be
O1 - Hosts: 96.44.181.245 www.google.be
O1 - Hosts: 96.44.181.245 google.com.br
O1 - Hosts: 96.44.181.245 www.google.com.br
O1 - Hosts: 96.44.181.245 google.ca
O1 - Hosts: 96.44.181.245 www.google.ca
O1 - Hosts: 96.44.181.245 google.ch
O1 - Hosts: 96.44.181.245 www.google.ch
O1 - Hosts: 96.44.181.245 google.de
O1 - Hosts: 96.44.181.245 www.google.de
O1 - Hosts: 96.44.181.245 google.dk
O1 - Hosts: 96.44.181.245 www.google.dk
O1 - Hosts: 96.44.181.245 google.fr
O1 - Hosts: 96.44.181.245 www.google.fr
O1 - Hosts: 96.44.181.245 google.ie
O1 - Hosts: 96.44.181.245 www.google.ie
O1 - Hosts: 96.44.181.245 google.it
O1 - Hosts: 96.44.181.245 www.google.it
O1 - Hosts: 96.44.181.245 google.co.jp
O1 - Hosts: 96.44.181.245 www.google.co.jp
O1 - Hosts: 96.44.181.245 google.nl
O1 - Hosts: 96.44.181.245 www.google.nl
O1 - Hosts: 21 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (Productivity 2.2 Toolbar) - {E84CC2C1-B722-48FC-A39C-EDB8B525C777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\OLT.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 12:40:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/04/22 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{05B08B3D-B6F4-4B9A-9B47-E65B7E20FF61}
[2011/04/22 12:05:45 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTM.exe
[2011/04/22 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E97E650C-6C7C-4482-B447-50F375A18F36}
[2011/04/21 13:55:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B8347977-4E20-42C2-95F6-7B153603C981}
[2011/04/21 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/21 11:59:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2C05A505-A103-4BD8-8C12-A2F50754EF8B}
[2011/04/21 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/21 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9C45C7FE-16E7-44CE-9D53-2481FEBBE09D}
[2011/04/20 09:18:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CFACD3E9-49A7-4CBD-A361-4E36C374BDC0}
[2011/04/18 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apps
[2011/04/18 09:05:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EeeStorageUploader
[2011/04/18 08:53:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D08083EE-69C2-40D9-A10B-459C539C5930}
[2011/04/17 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4EA6383C-7454-4F44-9685-2DBBF8A70C57}
[2011/04/16 21:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2011/04/16 09:54:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F31CCE27-67C9-4F1C-A050-D3C9BC3D974F}
[2011/04/15 11:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F79CD03B-343C-4A47-A958-321778601331}
[2011/04/14 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2011/04/14 13:25:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4291003D-9ED1-4F80-8D89-C2D813E6A03D}
[2011/04/13 23:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{03095AAC-FB5F-48FB-BFAF-F0E58F455B9F}
[2011/04/13 12:38:38 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/13 12:38:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/13 12:38:32 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/13 12:38:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/13 12:38:29 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/13 12:38:11 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/13 12:38:10 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/13 12:38:09 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/13 12:38:08 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/13 12:37:52 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/13 12:37:52 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/13 12:37:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/13 12:37:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/13 12:37:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/13 12:37:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/13 12:36:34 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/13 12:36:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/13 12:36:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/13 12:36:21 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/13 12:36:20 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/13 12:36:19 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/13 12:36:19 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/13 12:36:18 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/13 12:36:18 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/13 12:36:18 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/13 12:32:28 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/13 09:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AD0B2C86-A87F-4C1C-854C-40B8F8DE05D7}
[2011/04/12 13:23:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7C79DF6F-A325-4533-9F1A-217AB850A8B8}
[2011/04/11 17:54:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DAEMON Tools Pro
[2011/04/11 17:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/04/11 16:45:59 | 000,017,128 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2011/04/11 16:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
[2011/04/11 12:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/04/11 08:58:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FB57FE39-9092-4D64-9F1B-FC0332FC2209}
[2011/04/10 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{814D64C0-C5B0-4955-9796-89CEC76AB848}
[2011/04/10 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Windows Live Writer
[2011/04/10 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Windows Live Writer
[2011/04/10 01:51:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{10C64183-84B8-482B-9FF7-DBD0B363B9EF}
[2011/04/09 13:45:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{155EABC3-0E26-4B03-8A6E-EA5AF1AEE1CB}
[2011/04/08 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{98B4B39F-2507-41BF-BFCA-72C62DCF0E61}
[2011/04/07 16:26:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DivX
[2011/04/07 16:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/04/07 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/04/07 16:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/04/07 16:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/07 09:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1F34C663-E458-46D0-8B50-411159F46192}
[2011/04/06 09:46:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D45B3F3A-3475-4B58-9ABD-970D25F68C74}
[2011/04/05 11:45:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EFE37039-A784-4C3B-8E50-D5094948EC38}
[2011/04/04 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1A03FC56-3321-43F9-A016-133624A8E869}
[2011/04/03 10:06:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{5B34D524-02FB-4B7A-A241-22B6D80CD934}
[2011/04/02 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{92485788-7FB0-4D59-BA07-78976044A746}
[2011/04/01 22:10:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A00217F7-419F-4BD3-90E1-C5206FB2EFA9}
[2011/04/01 10:09:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AC7EBB48-167B-4DBC-B1F8-5241B8841C31}
[2011/03/31 09:46:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AD2E03B6-5013-4734-89F7-41869C3EC897}
[2011/03/30 20:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/03/30 19:56:31 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2011/03/30 19:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/03/30 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{204BA3DB-0B17-4005-A9A9-4C63AD873ABC}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/22 12:40:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/04/22 12:36:25 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 12:36:25 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 12:27:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/22 12:26:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/22 12:26:15 | 1503,354,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 12:06:09 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTM.exe
[2011/04/22 11:53:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 14:32:09 | 000,000,830 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2011/04/21 12:06:19 | 000,002,975 | ---- | M] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2011/04/18 09:59:04 | 000,007,620 | ---- | M] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
[2011/04/16 21:49:43 | 003,823,704 | ---- | M] () -- C:\Users\Jason\Desktop\veetle-0.9.15.exe
[2011/04/16 09:59:30 | 000,001,982 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/04/16 09:59:21 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/04/14 17:29:53 | 000,275,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/14 13:32:42 | 000,732,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/14 13:32:42 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/14 13:32:42 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/10 03:54:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2011/04/01 12:14:56 | 000,001,080 | ---- | M] () -- C:\Users\Jason\Desktop\Pictures - Shortcut.lnk
[2011/03/30 20:00:00 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011/03/25 18:03:52 | 000,017,128 | ---- | M] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2011/03/25 05:35:24 | 000,374,272 | ---- | M] () -- C:\Windows\SysWow64\mss32.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/21 12:06:19 | 000,002,975 | ---- | C] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2011/04/18 09:56:52 | 000,007,620 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
[2011/04/16 21:43:35 | 003,823,704 | ---- | C] () -- C:\Users\Jason\Desktop\veetle-0.9.15.exe
[2011/04/11 16:45:37 | 000,374,272 | ---- | C] () -- C:\Windows\SysWow64\mss32.dll
[2011/04/01 12:14:56 | 000,001,080 | ---- | C] () -- C:\Users\Jason\Desktop\Pictures - Shortcut.lnk
[2011/03/30 19:59:59 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011/03/23 01:35:43 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/03/10 17:22:02 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2011/01/31 23:02:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/16 10:31:31 | 000,736,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/30 00:52:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/02/09 08:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/10/26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/05/19 04:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

------------------------------------
------------------------------------

OTL Extras logfile created on: 4/22/2011 12:40:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 29.19 Gb Free Space | 50.14% Space Free | Partition Type: NTFS
Drive D: | 155.13 Gb Total Space | 38.70 Gb Free Space | 24.95% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.12_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SiS VGA Utilities" = SiS VGA Utilities
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.3 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFF63B1C-07DC-4C4D-A1FA-76460710AC5F}_is1" = PC Doc Pro v5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"avast" = avast! Internet Security
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PC Doc Pro" = PC Doc Pro v5
"PowerISO" = PowerISO
"Productivity_2.2 Toolbar" = Productivity 2.2 Toolbar
"SopCast" = SopCast 3.3.2
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2011 6:41:10 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RomeTW-BI.exe, version: 1.0.0.0, time stamp:
0x430600e9 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x00038da9 Faulting process id:
0x5d8 Faulting application start time: 0x01cbfae26f83aedb Faulting application path:
D:\FOOTBALLMANAGER2011\Sports Interactive\Football Manager 2011\audrey\RomeTW-BI.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 4af17af7-66e8-11e0-9c6c-20cf306a56c7

Error - 4/15/2011 7:17:09 AM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 15.4.3508.1109 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 710 Start
Time: 01cbfb5bbada938f Termination Time: 0 Application Path: C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe Report Id: 87a16b8e-6751-11e0-ab65-20cf306a56c7

Error - 4/16/2011 10:40:27 AM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/16/2011 10:42:34 AM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/16/2011 4:43:07 PM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SV151VK0\SoftonicDownloader_for_veetle[1].exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 4/17/2011 2:15:43 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program RomeTW.exe version 1.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1420 Start Time:
01cbfd18a435fa7a Termination Time: 414 Application Path: D:\FOOTBALLMANAGER2011\Sports
Interactive\Football Manager 2011\audrey\RomeTW.exe Report Id:

Error - 4/17/2011 3:13:44 PM | Computer Name = Jason-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2011-04-17T18:15:17.068113200Z'
has failed with following error code '2155348129' (%%2155348129). Please review
the event details for a solution, and then rerun the backup operation once the
issue is resolved.

Error - 4/18/2011 4:38:03 AM | Computer Name = Jason-PC | Source = VSS | ID = 8194
Description =

Error - 4/18/2011 4:26:34 PM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/18/2011 4:28:41 PM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/14/2011 3:14:01 PM | Computer Name = Jason-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 4/14/2011 3:38:40 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 4/15/2011 6:55:55 AM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:11:05 on ?15/?04/?2011 was unexpected.

Error - 4/15/2011 7:10:38 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SysMain service.

Error - 4/15/2011 6:03:03 PM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:01:13 on ?15/?04/?2011 was unexpected.

Error - 4/16/2011 10:20:32 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 4/16/2011 8:35:20 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%1115

Error - 4/19/2011 8:23:31 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 4/19/2011 8:36:05 AM | Computer Name = Jason-PC | Source = volsnap | ID = 393225
Description = The flush and hold writes operation on volume C: timed out while waiting
for file system cleanup.

Error - 4/20/2011 10:11:37 AM | Computer Name = Jason-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:21 PM

Posted 22 April 2011 - 02:38 PM

Hi!

I have the information I need right now.

I can see we still have some work to do.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    IE - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25452
    O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-809179788-3682372581-2649486876-1000..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O27:64bit: - HKLM IFEO\OLT.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
    [2011/04/22 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{05B08B3D-B6F4-4B9A-9B47-E65B7E20FF61}
    [2011/04/22 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E97E650C-6C7C-4482-B447-50F375A18F36}
    [2011/04/21 13:55:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B8347977-4E20-42C2-95F6-7B153603C981}
    [2011/04/21 11:59:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2C05A505-A103-4BD8-8C12-A2F50754EF8B}
    [2011/04/21 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9C45C7FE-16E7-44CE-9D53-2481FEBBE09D}
    [2011/04/20 09:18:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CFACD3E9-49A7-4CBD-A361-4E36C374BDC0}
    [2011/04/18 08:53:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D08083EE-69C2-40D9-A10B-459C539C5930}
    [2011/04/17 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4EA6383C-7454-4F44-9685-2DBBF8A70C57}
    [2011/04/16 09:54:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F31CCE27-67C9-4F1C-A050-D3C9BC3D974F}
    [2011/04/15 11:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F79CD03B-343C-4A47-A958-321778601331}
    [2011/04/14 13:25:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4291003D-9ED1-4F80-8D89-C2D813E6A03D}
    [2011/04/13 23:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{03095AAC-FB5F-48FB-BFAF-F0E58F455B9F}
    [2011/04/13 09:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AD0B2C86-A87F-4C1C-854C-40B8F8DE05D7}
    [2011/04/12 13:23:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7C79DF6F-A325-4533-9F1A-217AB850A8B8}
    [2011/04/11 08:58:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FB57FE39-9092-4D64-9F1B-FC0332FC2209}
    [2011/04/10 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{814D64C0-C5B0-4955-9796-89CEC76AB848}
    [2011/04/10 01:51:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{10C64183-84B8-482B-9FF7-DBD0B363B9EF}
    [2011/04/09 13:45:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{155EABC3-0E26-4B03-8A6E-EA5AF1AEE1CB}
    [2011/04/08 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{98B4B39F-2507-41BF-BFCA-72C62DCF0E61}
    [2011/04/07 09:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1F34C663-E458-46D0-8B50-411159F46192}
    [2011/04/06 09:46:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D45B3F3A-3475-4B58-9ABD-970D25F68C74}
    [2011/04/05 11:45:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EFE37039-A784-4C3B-8E50-D5094948EC38}
    [2011/04/04 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1A03FC56-3321-43F9-A016-133624A8E869}
    [2011/04/03 10:06:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{5B34D524-02FB-4B7A-A241-22B6D80CD934}
    [2011/04/02 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{92485788-7FB0-4D59-BA07-78976044A746}
    [2011/04/01 22:10:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A00217F7-419F-4BD3-90E1-C5206FB2EFA9}
    [2011/04/01 10:09:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AC7EBB48-167B-4DBC-B1F8-5241B8841C31}
    [2011/03/31 09:46:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AD2E03B6-5013-4734-89F7-41869C3EC897}
    [2011/03/30 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{204BA3DB-0B17-4005-A9A9-4C63AD873ABC}
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Jayhova

Jayhova
  • Topic Starter

  • Members
  • 21 posts
  • Local time:06:21 PM

Posted 23 April 2011 - 06:05 AM

Sweet Tech, I have run the programmes you asked.

The logs are below!

I checked Google after these procedures and I do not know why or how but Google now loads up in working and operational order as are Yahoo and Bing. Thank you very much and I will not let my wife touch the computer again!

Does that mean the computer is completely cured as I have noticed that on some other forums the problems have returned for the users!

Once again thank you for your help!!!!

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKU\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-809179788-3682372581-2649486876-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\ deleted successfully.
Item C:\Windows\SysNative\svchost.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\ not found.
Item C:\Windows\SysWow64\svchost.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Directx\dxsetup.exe not found.
C:\Users\Jason\AppData\Local\{05B08B3D-B6F4-4B9A-9B47-E65B7E20FF61} folder moved successfully.
C:\Users\Jason\AppData\Local\{E97E650C-6C7C-4482-B447-50F375A18F36} folder moved successfully.
C:\Users\Jason\AppData\Local\{B8347977-4E20-42C2-95F6-7B153603C981} folder moved successfully.
C:\Users\Jason\AppData\Local\{2C05A505-A103-4BD8-8C12-A2F50754EF8B} folder moved successfully.
C:\Users\Jason\AppData\Local\{9C45C7FE-16E7-44CE-9D53-2481FEBBE09D} folder moved successfully.
C:\Users\Jason\AppData\Local\{CFACD3E9-49A7-4CBD-A361-4E36C374BDC0} folder moved successfully.
C:\Users\Jason\AppData\Local\{D08083EE-69C2-40D9-A10B-459C539C5930} folder moved successfully.
C:\Users\Jason\AppData\Local\{4EA6383C-7454-4F44-9685-2DBBF8A70C57} folder moved successfully.
C:\Users\Jason\AppData\Local\{F31CCE27-67C9-4F1C-A050-D3C9BC3D974F} folder moved successfully.
C:\Users\Jason\AppData\Local\{F79CD03B-343C-4A47-A958-321778601331} folder moved successfully.
C:\Users\Jason\AppData\Local\{4291003D-9ED1-4F80-8D89-C2D813E6A03D} folder moved successfully.
C:\Users\Jason\AppData\Local\{03095AAC-FB5F-48FB-BFAF-F0E58F455B9F} folder moved successfully.
C:\Users\Jason\AppData\Local\{AD0B2C86-A87F-4C1C-854C-40B8F8DE05D7} folder moved successfully.
C:\Users\Jason\AppData\Local\{7C79DF6F-A325-4533-9F1A-217AB850A8B8} folder moved successfully.
C:\Users\Jason\AppData\Local\{FB57FE39-9092-4D64-9F1B-FC0332FC2209} folder moved successfully.
C:\Users\Jason\AppData\Local\{814D64C0-C5B0-4955-9796-89CEC76AB848} folder moved successfully.
C:\Users\Jason\AppData\Local\{10C64183-84B8-482B-9FF7-DBD0B363B9EF} folder moved successfully.
C:\Users\Jason\AppData\Local\{155EABC3-0E26-4B03-8A6E-EA5AF1AEE1CB} folder moved successfully.
C:\Users\Jason\AppData\Local\{98B4B39F-2507-41BF-BFCA-72C62DCF0E61} folder moved successfully.
C:\Users\Jason\AppData\Local\{1F34C663-E458-46D0-8B50-411159F46192} folder moved successfully.
C:\Users\Jason\AppData\Local\{D45B3F3A-3475-4B58-9ABD-970D25F68C74} folder moved successfully.
C:\Users\Jason\AppData\Local\{EFE37039-A784-4C3B-8E50-D5094948EC38} folder moved successfully.
C:\Users\Jason\AppData\Local\{1A03FC56-3321-43F9-A016-133624A8E869} folder moved successfully.
C:\Users\Jason\AppData\Local\{5B34D524-02FB-4B7A-A241-22B6D80CD934} folder moved successfully.
C:\Users\Jason\AppData\Local\{92485788-7FB0-4D59-BA07-78976044A746} folder moved successfully.
C:\Users\Jason\AppData\Local\{A00217F7-419F-4BD3-90E1-C5206FB2EFA9} folder moved successfully.
C:\Users\Jason\AppData\Local\{AC7EBB48-167B-4DBC-B1F8-5241B8841C31} folder moved successfully.
C:\Users\Jason\AppData\Local\{AD2E03B6-5013-4734-89F7-41869C3EC897} folder moved successfully.
C:\Users\Jason\AppData\Local\{204BA3DB-0B17-4005-A9A9-4C63AD873ABC} folder moved successfully.
C:\Windows\SysWow64\shoB0FF.tmp deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Desktop\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jason
->Temp folder emptied: 42489105 bytes
->Temporary Internet Files folder emptied: 18197420 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5084005 bytes
->Google Chrome cache emptied: 7104810 bytes
->Flash cache emptied: 40793 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30742800 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
RecycleBin emptied: 546527238 bytes

Total Files Cleaned = 620.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jason
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04232011_113147

Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z84E3F7V\ads[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9A8E0PU7\ads[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EDY7VYK\ads[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EDY7VYK\gsloader[1].html moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EDY7VYK\topic392669[1].html moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EDY7VYK\topics;kw=;tile=2;sz=300x250,336x280;ord='%20+%20ord%20+%20'[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

-------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6424

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

23/04/2011 11:55:55
mbam-log-2011-04-23 (11-55-55).txt

Scan type: Quick scan
Objects scanned: 164567
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 SweetTech

Posted 23 April 2011 - 12:08 PM

Hi!

I checked Google after these procedures and I do not know why or how but Google now loads up in working and operational order as are Yahoo and Bing.

Your host files were still infected, so I don't think the first script I gave you to run worked properly, but it should have worked when you ran the OTL fix.


Thank you very much and I will not let my wife touch the computer again!

:hysterical:

Does that mean the computer is completely cured as I have noticed that on some other forums the problems have returned for the users!

I am going to have you run a few additional scans to see what else (if anything) we need to address with your computer.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Jayhova

Posted 23 April 2011 - 02:58 PM

Here is the information that you requested! It came up with a few errors I think. I have pasted them below! Thanks for your continued help!
---------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------
C:\Program Files (x86)\PC Doc Pro v5\PC Doc Pro.exe a variant of Win32/Adware.RegGenie application
C:\Program Files (x86)\ScanQuery\scanquery.dll a variant of Win32/Adware.OneStep.Z application
C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.dll a variant of Win32/Adware.OneStep.Z application
C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.exe a variant of Win32/Adware.OneStep.Z application
C:\ProgramData\3334b2\qejjhsdefmqf.exe Win64/Agent.AB trojan
C:\Users\All Users\3334b2\qejjhsdefmqf.exe Win64/Agent.AB trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application

-----------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

#8 Jayhova

Posted 23 April 2011 - 03:04 PM

I didn't have my protection on for that security check; does it matter? I have therefore put it on (it's avast) and redone the last procedure, if it helps?

--------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Internet Security
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player 10.0.32.18
Adobe Reader 9.4.3 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.14) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast afwServ.exe
``````````End of Log````````````

#9 SweetTech

Posted 23 April 2011 - 03:17 PM

Hi!

C:\Program Files (x86)\PC Doc Pro v5\PC Doc Pro.exe a variant of Win32/Adware.RegGenie application
C:\Program Files (x86)\ScanQuery\scanquery.dll a variant of Win32/Adware.OneStep.Z application
C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.dll a variant of Win32/Adware.OneStep.Z application
C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.exe a variant of Win32/Adware.OneStep.Z application

You should remove these two programs from your computer. They are going to cause you more problems than they will be able to solve.

Update Firefox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.16.

You can get the latest version of Firefox by accessing the Posted Image menu in Firefox and then selecting Posted Image.

Please make sure that you Posted Image again after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:



Update Adobe Reader
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

As an alternative to Adobe Reader, you could try the free (for personal use) Foxit PDF Reader. The download file is smaller and, when installed, uses fewer resources than Adobe Reader. Note: Do not install anything dealing with AskBar... presented as an installation option.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\ProgramData\3334b2\
    C:\Users\All Users\3334b2\
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
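
The triage in the post above (two adware programs to uninstall, the trojan folder and cached .cab files handed to the OTL :Files list) can be cross-checked mechanically. This is an added example, not part of the thread and not code from ESET or OTL: it parses the eight ESET lines from post #7 and compares them with the :Files targets from post #9. The line pattern is inferred from those eight lines, the function names are this example's own, and it assumes the usual Windows 7 layout in which C:\Users\All Users is a link to C:\ProgramData.

```python
import re
from collections import namedtuple

# The eight ESET Online Scanner lines posted in the thread, verbatim.
ESET_LOG = r"""
C:\Program Files (x86)\PC Doc Pro v5\PC Doc Pro.exe a variant of Win32/Adware.RegGenie application
C:\Program Files (x86)\ScanQuery\scanquery.dll a variant of Win32/Adware.OneStep.Z application
C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.dll a variant of Win32/Adware.OneStep.Z application
C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.exe a variant of Win32/Adware.OneStep.Z application
C:\ProgramData\3334b2\qejjhsdefmqf.exe Win64/Agent.AB trojan
C:\Users\All Users\3334b2\qejjhsdefmqf.exe Win64/Agent.AB trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
"""

# Targets from the :Files section of the OTL fix posted in the thread.
OTL_FILES = r"""
C:\ProgramData\3334b2\
C:\Users\All Users\3334b2\
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab
"""

Finding = namedtuple("Finding", "path detection kind")

# Assumed line shape: <path> [a variant of] <Platform/Name> <category>.
# Paths contain spaces, so the detection name (the only token with "/")
# is what marks where the path ends.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<detection>\w+/\S+)\s+(?P<kind>\w+)$"
)

ALL_USERS = "c:\\users\\all users\\"
PROGRAMDATA = "c:\\programdata\\"


def parse_eset(log):
    """Turn each recognisable log line into a Finding; skip anything else."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["detection"], m["kind"]))
    return findings


def canonical(path):
    """Lower-case the path and fold the All Users link onto ProgramData,
    so one file reached through both names is counted once."""
    p = path.lower()
    if p.startswith(ALL_USERS):
        p = PROGRAMDATA + p[len(ALL_USERS):]
    return p


def covered(finding, targets):
    """True if the finding is a fix target or lies under a target folder."""
    p = canonical(finding.path)
    for t in map(canonical, targets):
        if p == t or (t.endswith("\\") and p.startswith(t)):
            return True
    return False


def program_folder(path):
    """Name of the installed program's folder under Program Files,
    or the parent directory for paths elsewhere."""
    parts = path.split("\\")
    if len(parts) > 2 and parts[1].lower().startswith("program files"):
        return parts[2]
    return "\\".join(parts[:-1])


def triage(log=ESET_LOG, fix=OTL_FILES):
    findings = parse_eset(log)
    targets = [t.strip() for t in fix.splitlines() if t.strip()]
    left = [f for f in findings if not covered(f, targets)]
    return {
        "findings": findings,
        "unique_trojans": sorted(
            {canonical(f.path) for f in findings if f.kind == "trojan"}
        ),
        "in_fix": [f for f in findings if covered(f, targets)],
        "left": left,
        "left_folders": sorted({program_folder(f.path) for f in left}),
    }


if __name__ == "__main__":
    result = triage()
    print("findings:", len(result["findings"]))
    print("distinct trojan files:", result["unique_trojans"])
    print("handled by the OTL fix:", len(result["in_fix"]))
    print("left for manual uninstall:", result["left_folders"])
```

The two trojan lines collapse to one file once the All Users link is folded, and the findings the fix does not touch fall under exactly the two program folders the helper asks to have uninstalled.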


#10 Jayhova

Posted 23 April 2011 - 04:23 PM

Update Firefox done. Adobe done. Here is the first scan log for OTL as asked for! I will post the second straight after it reboots after scan!

--------------------------------------------------------------------------------------------------------------------------------------

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
Folder C:\ProgramData\3334b2 not found.
Folder C:\Users\All Users\3334b2 not found.
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\531R391W\upgrade[1].cab not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Desktop\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jason
->Temp folder emptied: 251053 bytes
->Temporary Internet Files folder emptied: 1198686 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 573440 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jason
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04232011_215508

Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LO8E99P\page__p__2215769[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#11 Jayhova

Posted 23 April 2011 - 04:38 PM

These are the results after the scan. I was expecting it to reboot afterwards, but it never did!

The computer seems OK. I can't notice anything running like it should not!!!!

-----------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 4/23/2011 10:25:30 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 30.02 Gb Free Space | 51.57% Space Free | Partition Type: NTFS
Drive D: | 155.13 Gb Total Space | 39.17 Gb Free Space | 25.25% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 11:30:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 15:19:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/09/30 01:10:40 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/07/02 21:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/05/17 19:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/04/23 22:40:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/23 22:40:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/11/12 03:12:55 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/08/20 04:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 17:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 22:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/12 20:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/01/26 13:01:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 04:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2005/07/06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 11:30:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2011/02/23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/23 22:40:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/23 22:40:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 13:01:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/23 15:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/28 13:14:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 22:06:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/10 07:57:53 | 000,130,048 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/04/23 22:40:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/23 22:40:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/23 22:40:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/23 22:40:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/12 03:05:35 | 000,558,080 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SISGRKMD.sys -- (SiS6350)
DRV:64bit: - [2009/08/20 03:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/08/01 09:08:25 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 BD AD 2C E1 FD CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/06 18:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/30 19:57:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/23 21:27:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/23 21:51:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/30 19:57:32 | 000,000,000 | ---D | M]

[2011/03/03 08:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Extensions
[2011/03/03 08:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Firefox\Profiles\9oexgti6.default\extensions
[2011/04/23 21:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/23 18:29:33 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011/03/30 19:57:31 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011/03/06 18:57:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/23 21:27:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/23 21:27:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/23 21:27:00 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/23 21:27:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/23 21:55:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity 2.2 Toolbar) - {E84CC2C1-B722-48FC-A39C-EDB8B525C777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/04/23 21:34:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/23 18:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/04/23 11:31:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/23 09:58:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0F77E08B-E416-4CDA-B462-BE881DCF6C77}
[2011/04/22 12:40:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/04/22 12:05:45 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTM.exe
[2011/04/21 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/21 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/18 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apps
[2011/04/18 09:05:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EeeStorageUploader
[2011/04/16 21:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2011/04/14 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2011/04/11 17:54:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DAEMON Tools Pro
[2011/04/11 17:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/04/11 16:45:59 | 000,017,128 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2011/04/11 16:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
[2011/04/11 12:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/04/10 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Windows Live Writer
[2011/04/10 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Windows Live Writer
[2011/04/07 16:26:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DivX
[2011/04/07 16:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/04/07 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/04/07 16:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/04/07 16:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/03/30 20:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/03/30 19:56:31 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2011/03/30 19:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

========== Files - Modified Within 30 Days ==========

[2011/04/23 22:09:31 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 22:09:31 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 22:01:04 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/23 22:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/23 22:00:16 | 1503,354,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/23 21:55:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/04/23 21:53:16 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 21:36:14 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/23 20:53:19 | 000,879,081 | ---- | M] () -- C:\Users\Jason\Desktop\SecurityCheck.exe
[2011/04/23 11:30:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/04/22 12:06:09 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTM.exe
[2011/04/21 14:32:09 | 000,000,830 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2011/04/21 12:06:19 | 000,002,975 | ---- | M] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2011/04/18 09:59:04 | 000,007,620 | ---- | M] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
[2011/04/16 21:49:43 | 003,823,704 | ---- | M] () -- C:\Users\Jason\Desktop\veetle-0.9.15.exe
[2011/04/16 09:59:30 | 000,001,982 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/04/16 09:59:21 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/04/14 17:29:53 | 000,275,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/14 13:32:42 | 000,732,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/14 13:32:42 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/14 13:32:42 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/10 03:54:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2011/04/01 12:14:56 | 000,001,080 | ---- | M] () -- C:\Users\Jason\Desktop\Pictures - Shortcut.lnk
[2011/03/30 20:00:00 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011/03/25 18:03:52 | 000,017,128 | ---- | M] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2011/03/25 05:35:24 | 000,374,272 | ---- | M] () -- C:\Windows\SysWow64\mss32.dll

========== Files Created - No Company Name ==========

[2011/04/23 21:36:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/23 21:36:14 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/23 20:52:54 | 000,879,081 | ---- | C] () -- C:\Users\Jason\Desktop\SecurityCheck.exe
[2011/04/21 12:06:19 | 000,002,975 | ---- | C] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2011/04/18 09:56:52 | 000,007,620 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
[2011/04/16 21:43:35 | 003,823,704 | ---- | C] () -- C:\Users\Jason\Desktop\veetle-0.9.15.exe
[2011/04/11 16:45:37 | 000,374,272 | ---- | C] () -- C:\Windows\SysWow64\mss32.dll
[2011/04/01 12:14:56 | 000,001,080 | ---- | C] () -- C:\Users\Jason\Desktop\Pictures - Shortcut.lnk
[2011/03/30 19:59:59 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011/03/23 01:35:43 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/03/10 17:22:02 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2011/01/31 23:02:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/16 10:31:31 | 000,736,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/30 00:52:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/02/09 08:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/10/26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/05/19 04:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== LOP Check ==========

[2011/04/23 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Asus WebStorage
[2011/03/02 22:00:53 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitTorrent
[2011/04/11 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\DAEMON Tools Pro
[2011/04/18 09:05:38 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\EeeStorageUploader
[2011/01/18 11:56:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\PC Suite
[2011/02/02 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\PFStaticIP
[2011/04/21 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SoftGrid Client
[2011/01/15 00:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sports Interactive
[2011/01/16 10:34:21 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TP
[2011/01/29 08:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Trusteer
[2011/04/22 13:50:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2011/04/10 10:52:30 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Windows Live Writer
[2011/04/10 03:54:01 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2011/03/06 17:55:38 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\PC Doc Pro Scheduled Scan.job
[2011/04/14 20:12:42 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/23 21:27:01 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/23 21:27:01 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/23 21:27:01 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/23 21:26:57 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/23 21:26:57 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/23 21:26:57 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/13 01:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/13 01:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/13 01:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/04/13 01:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/04/23 13:51:46 | 000,000,004 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/03/02 19:19:49 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\First Run
[2011/04/23 13:51:46 | 000,004,910 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Local State
[2011/03/03 07:36:50 | 002,932,136 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/03/03 07:36:51 | 000,846,437 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/03/03 07:34:37 | 000,053,248 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/03/02 19:20:00 | 000,000,505 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/03/02 19:20:00 | 000,000,505 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/04/23 13:51:35 | 000,010,240 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/04/23 13:51:46 | 000,082,708 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/04/23 13:51:46 | 000,031,352 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/04/07 18:19:08 | 000,006,144 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/04/23 13:50:43 | 000,010,240 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/04/23 13:51:46 | 000,114,688 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\History
[2011/04/23 13:51:46 | 000,069,632 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-04
[2011/04/07 18:19:13 | 000,000,377 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/04/07 18:19:12 | 000,000,234 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/04/23 13:51:46 | 000,010,076 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/03/02 22:00:50 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Thumbnails
[2011/03/02 19:20:37 | 000,020,480 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/04/23 13:51:46 | 000,131,072 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/04/23 13:51:05 | 000,061,440 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/04/07 18:19:09 | 000,009,216 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2011/03/02 19:23:24 | 000,017,408 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2011/03/02 19:23:24 | 000,019,456 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2011/03/02 19:19:54 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#12 Jayhova


Posted 24 April 2011 - 06:40 AM

Hi Sweet Tech. I noticed last night that I got a message from Windows on the computer stating that someone has the same IP address as me logged onto the internet!

How is that possible, as I have a router and it's password protected? I can use the internet from the router with my mobile phone/smartphone as well. Could this be a reason that I have problems with the internet in the evenings? To explain: internet downloads go really slow in the evening. I just presumed that was because more people log on at this time (come home from work etc.), but my internet company said I get 12MB speed, yet it runs at a fraction of that speed in the evening! After everything you have done I feel a bit cheeky asking, but all the problems I have seen now make me think that someone comes home from work and uses my internet connection and gets it all free, and that is slowing me down and giving me a virus on my connection?

Could this make sense and be an explanation, or am I being far too untrustworthy?

Edited by Jayhova, 24 April 2011 - 06:48 AM.


#13 Jayhova


Posted 24 April 2011 - 06:51 AM

I logged onto the internet setup for my router by putting my IP address into the address bar! I looked at the log and I am now panicking as it has the word "intrusion" in there, which gives me no confidence any more in using the internet! I copied the log so maybe you can see for yourself and advise me?

-------------------------------------------------------------------------------------------------------------------------------------------------

kernel: eth4 Link UP 1000 mbps full duplex
kernel: Line 0: xDSL G.994 training
kernel: Line 0: ADSL G.992 started
kernel: Line 0: ADSL G.992 channel analysis
kernel: Line 0: ADSL link up, fast, us=448, ds=8128
syslog: PPP LCP UP.
syslog: Received valid IP address from server. Connection UP.
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=143.132.167.39 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=119 ID=26844 DF PROTO=TCP SPT=3087 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=143.132.167.39 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=119 ID=27306 DF PROTO=TCP SPT=3087 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=2.92.22.120 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=119 ID=51549 DF PROTO=TCP SPT=4765 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=2.92.22.120 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=119 ID=52078 DF PROTO=TCP SPT=4765 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=109.184.153.166 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=10826 DF PROTO=TCP SPT=3556 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=109.184.153.166 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=11037 DF PROTO=TCP SPT=3556 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=87.55.64.157 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=121 ID=36071 DF PROTO=TCP SPT=1736 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=87.55.64.157 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=121 ID=36393 DF PROTO=TCP SPT=1736 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=123.30.109.119 DST=94.11.112.112 LEN=40 TOS=0x04 PREC=0x00 TTL=96 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=178.233.227.74 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=1103 DF PROTO=TCP SPT=1753 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=178.233.227.74 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=1344 DF PROTO=TCP SPT=1753 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=70.77.227.236 DST=94.11.112.112 LEN=64 TOS=0x04 PREC=0x00 TTL=31 ID=22269 DF PROTO=TCP SPT=2749 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=70.77.227.236 DST=94.11.112.112 LEN=64 TOS=0x04 PREC=0x00 TTL=31 ID=23165 DF PROTO=TCP SPT=2749 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=78.107.87.131 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=118 ID=62717 DF PROTO=TCP SPT=4859 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=78.107.87.131 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=118 ID=63202 DF PROTO=TCP SPT=4859 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=92.124.51.128 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=18971 DF PROTO=TCP SPT=4595 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=92.124.51.128 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=19362 DF PROTO=TCP SPT=4595 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=78.231.45.1 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=53951 DF PROTO=TCP SPT=2450 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=78.231.45.1 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=54442 DF PROTO=TCP SPT=2450 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=79.163.121.174 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=19256 DF PROTO=TCP SPT=3162 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=79.163.121.174 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=19395 DF PROTO=TCP SPT=3162 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=221.232.142.122 DST=94.11.112.112 LEN=40 TOS=0x04 PREC=0x00 TTL=99 ID=256 PROTO=TCP SPT=42070 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=84.111.222.139 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=27659 DF PROTO=TCP SPT=3233 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=84.111.222.139 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=27668 DF PROTO=TCP SPT=3233 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=83.25.53.139 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=114 ID=53229 DF PROTO=TCP SPT=3139 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=83.25.53.139 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=114 ID=53451 DF PROTO=TCP SPT=3139 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.251.242.237 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=115 ID=24258 DF PROTO=TCP SPT=3401 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=109.184.31.92 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=59384 DF PROTO=TCP SPT=1093 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=62.248.93.138 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=112 ID=4767 DF PROTO=TCP SPT=4596 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=109.184.31.92 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=59787 DF PROTO=TCP SPT=1093 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=62.248.93.138 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=112 ID=4932 DF PROTO=TCP SPT=4596 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=210.4.126.245 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=115 ID=57511 DF PROTO=TCP SPT=2049 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=210.4.126.245 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=115 ID=57725 DF PROTO=TCP SPT=2049 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=62.133.171.121 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=62752 DF PROTO=TCP SPT=4775 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=62.133.171.121 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=62906 DF PROTO=TCP SPT=4775 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.21.130.70 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=118 ID=22441 DF PROTO=TCP SPT=4145 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.21.130.70 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=118 ID=23093 DF PROTO=TCP SPT=4145 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.137.166.244 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=47276 DF PROTO=TCP SPT=2953 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.137.166.244 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=47282 DF PROTO=TCP SPT=2954 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.137.166.244 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=48206 DF PROTO=TCP SPT=2953 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=61.223.103.85 DST=94.11.112.112 LEN=48 TOS=0x04 PREC=0x00 TTL=111 ID=60305 DF PROTO=TCP SPT=58290 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
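
The router log entries above all share one `KEY=value` layout, so they can be tallied instead of read line by line. The following Python sketch is an added example, not part of the original thread: it groups inbound SYN-only TCP packets by destination port over constructed sample lines (documentation-range addresses; the function and constant names are assumptions).

```python
import re
from collections import defaultdict

# Constructed sample in the router's log layout; addresses are RFC 5737
# documentation ranges, not values from the thread.
SAMPLE_LOG = """\
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=19395 DF PROTO=TCP SPT=3162 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.1 LEN=40 TOS=0x04 PREC=0x00 TTL=99 ID=256 PROTO=TCP SPT=42070 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.20 DST=198.51.100.1 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=27659 DF PROTO=TCP SPT=3233 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.20 DST=198.51.100.1 LEN=48 TOS=0x04 PREC=0x00 TTL=117 ID=27668 DF PROTO=TCP SPT=3233 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.1 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=47276 DF PROTO=TCP SPT=2953 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: unrelated message that is not a firewall entry
"""

FIELD = re.compile(r"(\w+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}
SERVICES = {445: "SMB file sharing", 1433: "Microsoft SQL Server"}

def parse_line(line):
    """Return the KEY=value fields plus a 'flags' set, or None for other lines."""
    if "Intrusion ->" not in line:
        return None
    body = line.split("Intrusion ->", 1)[1]
    rec = dict(FIELD.findall(body))  # empty values (OUT=, MAC=) become ""
    rec["flags"] = {tok for tok in body.split() if tok in FLAGS}
    return rec

def summarize(log_text):
    """Count connection attempts, distinct sources and retransmits per port."""
    ports = defaultdict(lambda: {"packets": 0, "sources": set(), "retries": 0})
    seen = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("PROTO") != "TCP":
            continue
        if "SYN" not in rec["flags"] or "ACK" in rec["flags"]:
            continue  # keep only new connection attempts
        entry = ports[int(rec["DPT"])]
        entry["packets"] += 1
        entry["sources"].add(rec["SRC"])
        flow = (rec["SRC"], rec["SPT"], rec["DPT"])
        if flow in seen:
            entry["retries"] += 1  # same flow again: the first SYN got no reply
        seen.add(flow)
    return {p: {**e, "sources": len(e["sources"])} for p, e in ports.items()}

if __name__ == "__main__":
    for port, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(port, SERVICES.get(port, "unknown"), stats)
```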

#14 SweetTech

Posted 24 April 2011 - 07:53 AM

You said you have a password for your router, is this password the default one or is it one that you created yourself?


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    [2011/04/23 09:58:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0F77E08B-E416-4CDA-B462-BE881DCF6C77}
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Edited to add in: Do you live in the United Kingdom?

Edited by SweetTech, 24 April 2011 - 07:55 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Jayhova

Posted 24 April 2011 - 10:13 AM

Hi, thanks for getting back to me so quickly all the time, I really appreciate it.

The password for the router is the default one that it came with. Does this matter, as surely each router has its own independent codes and password??? Or is that my naive mind thinking that it would matter! The password is required when any user tries to log on to the wifi signal from any device.

To confirm this I deleted the known connection on my iPhone 4 that I connect to my router and then re-searched for the same connection and it asked for my password, which would be the same for any other user or device that was trying to log onto my internet connection! I know a little about computers, however I do not understand how they could use my network?

I do live in the United Kingdom!

The log is below that you requested for the OTL fix.

Thanks again for your continued help on these matters, you are a superstar!!!

-----------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------

========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\Jason\AppData\Local\{0F77E08B-E416-4CDA-B462-BE881DCF6C77} folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Desktop\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 04242011_160321



