Sponsored By

aether121

Members
  • Content Count

    5
  • Joined

  • Last visited

About aether121

  • Rank
    Member
  1. aether121

    Hjt Log - Help Me Please!

    I've managed to reinstall Norton now and everything seems to be back to normal, thank you so much for all your help!!
  2. aether121

    Hjt Log - Help Me Please!

    No worries, your support is really appreciated =)
  3. aether121

    Hjt Log - Help Me Please!

    Thanks for the continued support Here's the new logs: ========== FILES ========== C:\WINDOWS\System32\uniq.tll moved successfully. File/Folder C:\WINDOWS\System32\frmwrk32.exe not found. File/Folder C:WINDOWS\System32\pcload.exe not found. C:\Documents and Settings\tom 1\Desktop\kjgjo.exe moved successfully. C:\Documents and Settings\tom 1\Desktop\SDFix.exe moved successfully. C:\WINDOWS\System32\CONFIG.TMP moved successfully. C:\WINDOWS\System32\nsq48.tmp moved successfully. C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP moved successfully. C:\WINDOWS\msdownld.tmp moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Framework Windows not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\fla1A.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF8749.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF876B.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\JETC94B.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\~ROMFN_00000108 scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01092009_005559 Files moved on Reboot... File C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\fla1A.tmp not found! File C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF8749.tmp not found! File C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF876B.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS\temp\JETC94B.tmp moved successfully. File C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat not found! File C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat not found! C:\WINDOWS\temp\~ROMFN_00000108 moved successfully. OTViewIt logfile created on: 09/01/2009 17:02:05 - Run 6 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1014.11 Mb Total Physical Memory | 369.07 Mb Available Physical Memory | 36.39% Memory free 2.38 Gb Paging File | 1.60 Gb Available in Paging File | 67.17% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 4.62 Gb Free Space | 6.20% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM Current User Name: tom 1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== Processes ========== [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe [2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe [2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe [2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe [2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009/01/03 17:53:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009/01/03 17:53:17 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe [2007/03/20 17:39:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009/01/05 15:05:39 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe [2008/12/22 11:05:56 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe [2008/11/23 12:38:57 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2001/02/28 09:02:04 | 10,571,776 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE [2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe ========== (O23) Win32 Services ========== [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running]) [2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [On_Demand | Stopped]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running]) [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running]) [2007/08/22 08:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped]) [2007/03/20 17:39:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) File not found -- -- (iPodService [On_Demand | Stopped]) [2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) [2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running]) [2008/09/05 10:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running]) [2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running]) [2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash [Auto | Running]) [2005/11/22 08:29:52 | 00,233,472 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped]) [2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Running]) [2005/11/21 21:47:56 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [On_Demand | Stopped]) [2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Auto | Stopped]) [2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Running]) [2008/11/23 12:38:57 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running]) [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) ========== Driver Services ========== [2008/08/22 10:26:35 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running]) [2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running]) [2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running]) [2005/10/22 06:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [system | Running]) [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped]) [2007/08/09 00:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running]) [2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [boot | Running]) [2005/10/22 06:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running]) [2008/11/20 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running]) [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2005/01/07 15:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2006/03/23 10:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running]) [2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running]) [2006/04/17 14:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) [2005/10/22 06:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped]) [2003/07/17 07:17:52 | 00,012,384 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter [boot | Running]) [2008/11/20 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVENG.SYS -- (NAVENG [On_Demand | Running]) [2008/11/20 09:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running]) [2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running]) [2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [boot | Running]) [2006/02/27 14:00:50 | 00,034,880 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR [boot | Running]) [2006/02/20 15:01:06 | 00,029,056 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR [boot | Running]) [2004/11/22 16:08:54 | 00,046,800 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [system | Running]) [2004/11/22 15:51:58 | 00,138,801 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [boot | Running]) [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2005/10/22 06:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [system | Running]) [2007/09/28 16:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2006/06/08 09:49:50 | 00,344,064 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped]) [2006/02/27 03:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running]) [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped]) [2005/11/21 23:49:40 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [system | Running]) [2008/12/22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running]) [2008/12/22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running]) [2008/12/22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running]) [2004/08/04 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped]) [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [boot | Running]) [2006/01/20 11:44:42 | 00,862,340 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running]) [2008/01/17 04:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped]) [2008/02/01 01:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [system | Running]) [2008/02/01 01:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped]) [2008/02/01 01:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running]) [2008/02/05 19:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running]) [2008/11/23 12:40:31 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) [2008/02/05 19:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running]) [2008/02/05 19:34:43 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running]) [2008/10/03 16:21:54 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081220.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running]) [2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped]) [2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running]) [2008/02/05 19:34:43 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running]) [2008/02/05 19:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running]) [2008/02/05 19:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running]) [2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running]) [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Running]) [2004/09/06 20:40:04 | 00,018,432 | R--- | M] (Computer & Entertainment, Inc.) -- C:\WINDOWS\system32\drivers\WDM_Capture_220A.sys -- (WDM_Capture_220A [On_Demand | Stopped]) [2005/12/28 09:37:58 | 00,015,488 | R--- | M] (WideView Technology Inc.) -- C:\WINDOWS\system32\drivers\WDM_Loader_220A.sys -- (WDM_Loader_220A [On_Demand | Stopped]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\windows\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Security Risk Page"=about:SecurityRisk "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\windows\system32\blank.htm "Page_Transitions"= "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Secondary Start Pages"= "Start Page"=google.com [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""=http://home.microsoft.com/access/autosearch.asp?p=%s [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.) "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation) "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) ========== (O4) Startup Folders ========== ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoSetActiveDesktop"=0 "NoActiveDesktopChanges"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoSetActiveDesktop"=0 "NoActiveDesktopChanges"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe [] -> [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5 {17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool {20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class {5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/Facebo...otoUploader.cab -- Facebook Photo Uploader Control {6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3 {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_17 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object ========== (O17) DNS Name Servers ========== {49776DF5-BBFE-43AF-8CA8-5F1CCCFAF543} (Servers: | Description: ) {4F74FE45-CF68-4B8B-9499-151D037C8F2D} (Servers: | Description: ) {5233496C-B997-4C5C-8CE3-C695EFC09560} (Servers: | Description: 1394 Net Adapter) {5B9F5B21-7C23-47D6-B863-51DEB3FD8110} (Servers: | Description: 1394 Net Adapter) {5F04E7C6-01CC-4923-816B-F9EC2B7E12C9} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection) {89DEBDC3-6A19-4D9A-B5D4-A3E9C1B125C3} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC) ========== (O20) AppInit_DLLs ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=avgrsstx.dll >[2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) vtUnopPJ: "DllName" = vtUnopPJ.dll -- File not found ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006/06/30 01:10:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun] ""=Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun\command] ""=F:\LaunchU3.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [2009/01/09 12:52:09 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\My Documents\~$am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc [2009/01/09 01:08:18 | 00,000,000 | ---D | C] -- C:\fsaua.data [2009/01/09 00:55:59 | 00,000,000 | ---D | C] -- C:\_OTMoveIt [2009/01/09 00:51:44 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTMoveIt3.exe [2009/01/07 15:23:36 | 10,634,40384 | -HS- | C] () -- C:\hiberfil.sys [2009/01/07 14:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009/01/07 14:41:22 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/01/07 14:41:18 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009/01/07 14:41:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\SUPERAntiSpyware.com [2009/01/07 13:44:49 | 05,824,544 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\SUPERAntiSpyware.exe [2009/01/07 13:36:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/01/06 16:35:38 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe [2009/01/05 18:20:45 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/01/05 18:20:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/01/05 18:20:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/01/05 18:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/01/05 18:18:26 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe [2009/01/05 17:25:08 | 00,749,342 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg [2009/01/05 16:13:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009/01/05 14:35:53 | 00,442,392 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg [2009/01/05 14:32:21 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk [2009/01/05 14:32:21 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/01/05 14:26:29 | 00,920,792 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe [2009/01/05 11:18:58 | 16,319,896 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe [2009/01/05 10:54:33 | 00,028,074 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm [2009/01/05 10:51:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf [2009/01/03 23:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\AVG @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\AVG:Roxio EMC Stream [2009/01/03 23:08:32 | 00,000,000 | ---D | C] -- C:\!KillBox [2009/01/03 17:53:29 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/01/03 17:53:29 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk [2009/01/03 17:53:28 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/01/03 17:53:27 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/01/03 17:53:23 | 31,513,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/01/03 17:53:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/01/03 17:53:23 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/01/03 17:53:23 | 00,014,903 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/01/03 17:53:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2009/01/03 17:33:20 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe [2009/01/03 16:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/01/03 13:58:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl [2009/01/03 13:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\StartupCPL @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\StartupCPL:Roxio EMC Stream [2009/01/03 13:56:52 | 00,058,671 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip [2009/01/03 13:18:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009/01/03 00:33:51 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$ [2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8 [2009/01/02 23:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\WinRAR [2009/01/02 22:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/01/02 22:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\SDFix [2009/01/02 16:41:25 | 00,000,000 | ---D | C] -- C:\SDFix [2009/01/02 02:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\Malwarebytes [2009/01/02 02:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/01/01 22:31:26 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc [2009/01/01 18:49:01 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe [2009/01/01 18:49:01 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe [2009/01/01 18:49:01 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe [2009/01/01 18:49:01 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe [2009/01/01 18:49:01 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe [2009/01/01 18:49:01 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe [2009/01/01 18:49:01 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe [2009/01/01 18:49:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2009/01/01 18:49:01 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe [2009/01/01 18:49:00 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe [2009/01/01 17:45:26 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc [2008/12/29 12:13:58 | 00,020,828 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf [2008/12/29 12:11:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf [2008/12/29 12:11:40 | 00,020,810 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf [2008/12/29 12:09:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc [2008/12/28 18:33:34 | 00,004,398 | ---- | C] () -- C:\WINDOWS\caesar3.ico [2008/12/26 00:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\My Documents\My Music @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\My Documents\My Music:Roxio EMC Stream ========== Files - Modified Within 30 Days ========== [2009/01/09 16:54:02 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/01/09 12:52:09 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\My Documents\~$am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc [2009/01/09 12:20:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2009/01/09 12:20:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2009/01/09 12:19:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/01/09 12:13:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/01/09 12:13:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/01/09 12:12:59 | 00,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/01/09 12:12:57 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys [2009/01/09 00:59:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2009/01/09 00:59:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2009/01/09 00:56:37 | 02,113,002 | -H-- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\IconCache.db [2009/01/09 00:51:51 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTMoveIt3.exe [2009/01/08 23:07:18 | 00,139,776 | ---- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/08 22:57:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2009/01/08 22:57:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2009/01/08 15:58:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2009/01/08 15:58:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2009/01/07 16:18:25 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2009/01/07 16:18:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2009/01/07 15:26:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2009/01/07 15:26:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2009/01/07 14:41:22 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/01/07 14:39:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm [2009/01/07 14:39:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2009/01/07 13:44:49 | 05,824,544 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\SUPERAntiSpyware.exe [2009/01/07 13:04:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm [2009/01/07 13:04:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2009/01/07 12:44:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2009/01/07 12:44:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2009/01/06 21:04:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2009/01/06 21:04:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2009/01/06 19:10:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2009/01/06 19:10:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2009/01/06 17:21:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe [2009/01/06 16:24:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2009/01/06 16:24:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2009/01/05 19:03:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2009/01/05 19:03:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2009/01/05 18:20:45 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/01/05 18:20:14 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe [2009/01/05 18:11:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2009/01/05 18:11:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2009/01/05 18:04:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2009/01/05 18:04:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2009/01/05 17:25:58 | 00,749,342 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg [2009/01/05 17:19:47 | 00,001,746 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2009/01/05 17:19:43 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009/01/05 16:22:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2009/01/05 16:22:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2009/01/05 15:04:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2009/01/05 15:04:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2009/01/05 14:36:03 | 00,442,392 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg [2009/01/05 14:32:21 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk [2009/01/05 14:26:37 | 00,920,792 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe [2009/01/05 11:18:58 | 16,319,896 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe [2009/01/05 10:54:33 | 00,028,074 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm [2009/01/05 10:53:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/01/05 10:53:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2009/01/05 10:51:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf [2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/01/03 23:41:27 | 31,513,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/01/03 23:41:24 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/01/03 23:41:24 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/01/03 17:53:29 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk [2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/01/03 17:53:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/01/03 17:33:21 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe [2009/01/03 13:56:53 | 00,058,671 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip [2009/01/03 13:22:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/01/03 13:22:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/01/03 13:17:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2009/01/03 13:17:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/01/02 13:02:54 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\N.lnk [2009/01/01 22:31:26 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc [2009/01/01 22:30:41 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\Microsoft Word.lnk [2009/01/01 17:45:27 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc [2008/12/29 12:13:58 | 00,020,828 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf [2008/12/29 12:11:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf [2008/12/29 12:11:40 | 00,020,810 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf [2008/12/29 12:09:34 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc [2008/12/28 18:33:26 | 00,000,308 | ---- | M] () -- C:\WINDOWS\SIERRA.INI [2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll < End of report > OTViewIt Extras logfile created on: 09/01/2009 17:02:06 - Run 6 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1014.11 Mb Total Physical Memory | 369.07 Mb Available Physical Memory | 36.39% Memory free 2.38 Gb Paging File | 1.60 Gb Available in Paging File | 67.17% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 4.62 Gb Free Space | 6.20% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM Current User Name: tom 1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0x00000000 "FirewallDisableNotify"=0x00000000 "UpdatesDisableNotify"=0x00000000 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class]) ipp: [HKLM - No CLSID value] [2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [2009/01/03 17:53:22 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class]) [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) msdaipp: [HKLM - No CLSID value] [2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0]) [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [2001/02/23 17:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}"=LG_MobileSync "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp "{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate "{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs "{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer "{24DF7221-644B-4C3A-A478-459502D40522}"=Backup "{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11 "{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{3C759736-8347-4031-BB9C-D75ADFE6B101}"=Norton Ghost 9.0 "{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls "{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant "{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime "{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger "{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}"=Macromedia Flash Player 8 "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}"=Norton 360 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD "{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works "{7148F0A8-6813-11D6-A77B-00B0D0142170}"=Java 2 Runtime Environment, SE v1.4.2_17 "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit "{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes "{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders "{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}"=iLike Sidebar "{868901EE-7807-4F89-A134-7C705D34F91F}"=Roxio Easy Media Creator 8 Suite "{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player "{8B7443F5-E141-42A0-AB61-ED2331AAD606}"=4oD "{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage "{9D1C26BD-E792-4159-9D16-07EA222D8EF0}"=Windows Messenger 5.1 "{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7 "{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player "{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs "{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition "{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23 "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation) "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series "{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation) "{E91E8912-769D-42F0-8408-0E329443BABC}"=Ralink Wireless LAN Card "{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04 "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver "{F3CBA4E6-436E-4B51-9651-93830EE38616}"=Windows Messenger 5.1 MUI Pack "4oD"=4oD "AC3Filter"=AC3Filter (remove only) "Ad-Aware SE Plus"=Ad-Aware SE Plus "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX "ALZip_is1"=ALZip "AVG8Uninstall"=AVG Free 8.0 "AxCrypt"=AxCrypt (Remove Only) "BBC iPlayer Download Manager"=BBC iPlayer Download Manager "CCleaner"=CCleaner (remove only) "CyberScrub Professional 3.5"=CyberScrub Professional 3.5 "Diablo II"=Diablo II "HijackThis"=HijackThis 2.0.2 "hp deskjet 960c series"=hp deskjet 960c series (Remove only) "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime "InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes "InstallShield_{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23 "InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04 "LimeWire"=LimeWire 4.14.10 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "MSNINST"=MSN "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "Pharaoh"=Pharaoh "PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation) "RealPlayer 6.0"=RealPlayer "Roxio MRFilter"=Roxio EasyWrite Reader "Scribe"=Express Scribe "Shareaza_is1"=Shareaza version 2.2.5.0 "SMSERIAL"=Motorola SM56 Data Fax Modem "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation) "Total Annihilation: Kingdoms"=Total Annihilation: Kingdoms "VLC media player"=VideoLAN VLC media player 0.8.6e "VoipStunt_is1"=VoipStunt "WGA"=Windows Genuine Advantage Validation Tool "Windows Live Toolbar"=Windows Live Toolbar "Windows Media Encoder 9"=Windows Media Encoder 9 Series "Windows Media Format Runtime"=Windows Media Format Runtime "Windows Media Player"=Windows Media Player 10 "World of Warcraft"=World of Warcraft "Yahoo! Companion"=Yahoo! Companion "Yahoo! Messenger with BT Communicator"=Yahoo! Messenger with BT Communicator ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08/01/2009 23:14:35 | Computer Name = TOM | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 08/01/2009 23:14:54 | Computer Name = TOM | Source = Application Hang | ID = 1002 Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 07/01/2009 10:02:40 | Computer Name = TOM | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 07/01/2009 10:02:40 | Computer Name = TOM | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 07/01/2009 10:02:51 | Computer Name = TOM | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 07/01/2009 10:03:01 | Computer Name = TOM | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 07/01/2009 10:21:16 | Computer Name = TOM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 07/01/2009 10:21:22 | Computer Name = TOM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 07/01/2009 10:46:47 | Computer Name = TOM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 07/01/2009 10:47:51 | Computer Name = TOM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cdudf_xp eeCtrl Fips intelppm PQIMount RxFilter SASDIFSV SASKUTIL SRTSP SRTSPX SYMTDI Error - 07/01/2009 11:22:32 | Computer Name = TOM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 08/01/2009 21:30:14 | Computer Name = TOM | Source = PlugPlayManager | ID = 11 Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal. < End of report > F-Secure Online Scanner 3.3.1 - Scanning Report - Friday, January 09, 2009 16:58:51Scanning Report Friday, January 09, 2009 15:28:59 - 16:58:49 Computer name: TOM Scanning type: Scan system for malware, rootkits Target: C:\ Result: 1 malware found TrackingCookie.Doubleclick (spyware) System Statistics Scanned: Files: 43161 System: 4810 Not scanned: 8 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 None: 1 Submitted: 0 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL Options Scanning engines: F-Secure USS: 2.40.0 F-Secure Blacklight: 0.0.0 F-Secure Hydra: 2.8.8110, 2009-01-09 F-Secure Pegasus: 1.20.0, 2008-11-17 F-Secure AVP: 7.0.171, 2009-01-09 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use Advanced heuristics
  4. aether121

    Hjt Log - Help Me Please!

    Hiya, thanks for the reply - here's the two OT logs: OTViewIt logfile created on: 07/01/2009 12:53:45 - Run 5 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1014.11 Mb Total Physical Memory | 580.70 Mb Available Physical Memory | 57.26% Memory free 2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.29% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 4.82 Gb Free Space | 6.46% Space Free | Partition Type: NTFS Drive D: | 665.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM Current User Name: tom 1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== Processes ========== [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe [2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe [2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe [2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe [2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [2009/01/03 17:53:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe [2009/01/03 17:53:17 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007/03/20 17:39:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009/01/05 12:39:11 | 00,024,576 | ---- | M] (VERITAS Software Corp.) -- C:\WINDOWS\system32\frmwrk32.exe [2009/01/05 15:05:39 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe ========== (O23) Win32 Services ========== [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running]) [2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [On_Demand | Stopped]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running]) [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running]) [2007/08/22 08:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped]) [2007/03/20 17:39:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) File not found -- -- (iPodService [On_Demand | Stopped]) [2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) [2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running]) [2008/09/05 10:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped]) [2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running]) [2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running]) [2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash [Auto | Running]) [2005/11/22 08:29:52 | 00,233,472 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped]) [2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Running]) [2005/11/21 21:47:56 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [On_Demand | Stopped]) [2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Auto | Stopped]) [2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Running]) [2008/11/23 12:38:57 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped]) [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) ========== Driver Services ========== [2008/08/22 10:26:35 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running]) [2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running]) [2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running]) [2005/10/22 06:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [system | Running]) [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped]) [2007/08/09 00:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running]) [2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [boot | Running]) [2005/10/22 06:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running]) [2008/11/20 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running]) [2008/11/20 09:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running]) [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2005/01/07 15:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2006/03/23 10:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running]) [2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running]) [2006/04/17 14:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) [2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped]) [2005/10/22 06:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped]) [2003/07/17 07:17:52 | 00,012,384 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter [boot | Running]) [2008/11/20 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVENG.SYS -- (NAVENG [On_Demand | Running]) [2008/11/20 09:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running]) [2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running]) [2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [boot | Running]) [2006/02/27 14:00:50 | 00,034,880 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR [boot | Running]) [2006/02/20 15:01:06 | 00,029,056 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR [boot | Running]) [2004/11/22 16:08:54 | 00,046,800 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [system | Running]) [2004/11/22 15:51:58 | 00,138,801 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [boot | Running]) [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2005/10/22 06:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [system | Running]) [2007/09/28 16:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2006/06/08 09:49:50 | 00,344,064 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped]) [2006/02/27 03:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running]) [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped]) [2005/11/21 23:49:40 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [system | Running]) [2004/08/04 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped]) [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [boot | Running]) [2006/01/20 11:44:42 | 00,862,340 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running]) [2008/01/17 04:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped]) [2008/02/01 01:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [system | Running]) [2008/02/01 01:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped]) [2008/02/01 01:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running]) [2008/02/05 19:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running]) [2008/11/23 12:40:31 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) [2008/02/05 19:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running]) [2008/02/05 19:34:43 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running]) [2008/10/03 16:21:54 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081220.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running]) [2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped]) [2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running]) [2008/02/05 19:34:43 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running]) [2008/02/05 19:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running]) [2008/02/05 19:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running]) [2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running]) [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped]) [2004/09/06 20:40:04 | 00,018,432 | R--- | M] (Computer & Entertainment, Inc.) -- C:\WINDOWS\system32\drivers\WDM_Capture_220A.sys -- (WDM_Capture_220A [On_Demand | Stopped]) [2005/12/28 09:37:58 | 00,015,488 | R--- | M] (WideView Technology Inc.) -- C:\WINDOWS\system32\drivers\WDM_Loader_220A.sys -- (WDM_Loader_220A [On_Demand | Stopped]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\windows\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Security Risk Page"=about:SecurityRisk "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Local Page"=C:\windows\system32\blank.htm "Page_Transitions"= "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Secondary Start Pages"= "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""=http://home.microsoft.com/access/autosearch.asp?p=%s [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) "Framework Windows"=frmwrk32.exe (VERITAS Software Corp.) "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation) ========== (O4) Startup Folders ========== [2008/06/15 14:26:02 | 00,225,280 | ---- | M] (Leader Technologies) -- C:\Documents and Settings\tom 1\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoSetActiveDesktop"=1 "NoActiveDesktopChanges"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoSetActiveDesktop"=1 "NoActiveDesktopChanges"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"=1 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe [] -> [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5 {17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool {20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class {5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/Facebo...otoUploader.cab -- Facebook Photo Uploader Control {6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_17 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object ========== (O17) DNS Name Servers ========== {49776DF5-BBFE-43AF-8CA8-5F1CCCFAF543} (Servers: | Description: ) {4F74FE45-CF68-4B8B-9499-151D037C8F2D} (Servers: | Description: ) {5233496C-B997-4C5C-8CE3-C695EFC09560} (Servers: | Description: 1394 Net Adapter) {5B9F5B21-7C23-47D6-B863-51DEB3FD8110} (Servers: | Description: 1394 Net Adapter) {5F04E7C6-01CC-4923-816B-F9EC2B7E12C9} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection) {89DEBDC3-6A19-4D9A-B5D4-A3E9C1B125C3} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC) ========== (O20) AppInit_DLLs ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=avgrsstx.dll >[2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) vtUnopPJ: "DllName" = vtUnopPJ.dll -- File not found ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006/06/30 01:10:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] autorun.exe [MZ | ] [1999/10/18 12:14:04 | 00,126,976 | R--- | M] (Impressions Games) -- D:\autorun.exe -- [ CDFS ] autorun.inf [[autorun] | open=autorun.exe | icon=Pharaoh.ico | | | [CONFIG] | BITMAP=pharaoh.bmp ; bitmap you wish to show in the autoplay dialog box | EXENAME=pharaoh.exe ; executable you wish to invoke from the play button | INSTKEY=Pharaoh ; section name that autorun will check to see if app has already | ; been installed. | | | | | ] [1999/09/20 15:48:40 | 00,000,340 | R--- | M] () -- D:\autorun.inf -- [ CDFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun] ""=Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun\command] ""=F:\LaunchU3.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\*.tmp files] [2009/01/07 00:18:27 | 10,634,40384 | -HS- | C] () -- C:\hiberfil.sys [2009/01/06 16:35:38 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe [2009/01/05 18:20:45 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/01/05 18:20:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/01/05 18:20:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/01/05 18:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/01/05 18:18:26 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe [2009/01/05 17:25:08 | 00,749,342 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg [2009/01/05 16:13:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009/01/05 14:35:53 | 00,442,392 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg [2009/01/05 14:32:21 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk [2009/01/05 14:32:21 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/01/05 14:26:29 | 00,920,792 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe [2009/01/05 12:39:13 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll [2009/01/05 12:39:12 | 00,024,576 | ---- | C] (VERITAS Software Corp.) -- C:\WINDOWS\System32\frmwrk32.exe [2009/01/05 12:39:10 | 00,024,576 | ---- | C] (VERITAS Software Corp.) -- C:\WINDOWS\System32\pcload.exe [2009/01/05 11:18:58 | 16,319,896 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe [2009/01/05 10:54:33 | 00,028,074 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm [2009/01/05 10:51:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf [2009/01/03 23:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\AVG @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\AVG:Roxio EMC Stream [2009/01/03 23:08:32 | 00,000,000 | ---D | C] -- C:\!KillBox [2009/01/03 17:53:29 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/01/03 17:53:29 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk [2009/01/03 17:53:28 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/01/03 17:53:27 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/01/03 17:53:23 | 31,513,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/01/03 17:53:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/01/03 17:53:23 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/01/03 17:53:23 | 00,014,903 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/01/03 17:53:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2009/01/03 17:33:20 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe [2009/01/03 16:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/01/03 13:58:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl [2009/01/03 13:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\StartupCPL @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\StartupCPL:Roxio EMC Stream [2009/01/03 13:56:52 | 00,058,671 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip [2009/01/03 13:52:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\tom 1\Desktop\kjgjo.exe [2009/01/03 13:18:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009/01/03 00:33:51 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$ [2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8 [2009/01/02 23:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\WinRAR [2009/01/02 22:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/01/02 22:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\SDFix [2009/01/02 16:41:25 | 00,000,000 | ---D | C] -- C:\SDFix [2009/01/02 16:40:32 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\SDFix.exe [2009/01/02 02:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\Malwarebytes [2009/01/02 02:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/01/01 22:31:26 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc [2009/01/01 18:49:01 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe [2009/01/01 18:49:01 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe [2009/01/01 18:49:01 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe [2009/01/01 18:49:01 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe [2009/01/01 18:49:01 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe [2009/01/01 18:49:01 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe [2009/01/01 18:49:01 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe [2009/01/01 18:49:01 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe [2009/01/01 18:49:01 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe [2009/01/01 18:49:01 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe [2009/01/01 18:49:01 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe [2009/01/01 18:49:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2009/01/01 18:49:01 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe [2009/01/01 18:49:00 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe [2009/01/01 17:45:26 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc [2008/12/29 12:13:58 | 00,020,828 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf [2008/12/29 12:11:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf [2008/12/29 12:11:40 | 00,020,810 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf [2008/12/29 12:09:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc [2008/12/28 18:33:34 | 00,004,398 | ---- | C] () -- C:\WINDOWS\caesar3.ico [2008/12/26 00:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\My Documents\My Music @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\My Documents\My Music:Roxio EMC Stream ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2009/01/07 12:44:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2009/01/07 12:44:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2009/01/07 12:43:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/01/07 12:42:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/01/07 12:42:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/01/07 12:42:49 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys [2009/01/06 23:38:46 | 02,110,666 | -H-- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\IconCache.db [2009/01/06 22:54:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/01/06 21:04:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2009/01/06 21:04:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2009/01/06 19:10:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2009/01/06 19:10:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2009/01/06 17:26:47 | 00,137,216 | ---- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/06 17:21:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe [2009/01/06 16:24:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2009/01/06 16:24:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2009/01/05 19:03:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2009/01/05 19:03:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2009/01/05 18:20:45 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/01/05 18:20:14 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe [2009/01/05 18:11:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2009/01/05 18:11:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2009/01/05 18:04:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2009/01/05 18:04:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2009/01/05 17:25:58 | 00,749,342 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg [2009/01/05 17:19:47 | 00,001,746 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2009/01/05 17:19:43 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009/01/05 16:22:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2009/01/05 16:22:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2009/01/05 15:04:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2009/01/05 15:04:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2009/01/05 14:36:03 | 00,442,392 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg [2009/01/05 14:32:21 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk [2009/01/05 14:26:37 | 00,920,792 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe [2009/01/05 12:39:13 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll [2009/01/05 12:39:11 | 00,024,576 | ---- | M] (VERITAS Software Corp.) -- C:\WINDOWS\System32\pcload.exe [2009/01/05 12:39:11 | 00,024,576 | ---- | M] (VERITAS Software Corp.) -- C:\WINDOWS\System32\frmwrk32.exe [2009/01/05 11:18:58 | 16,319,896 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe [2009/01/05 10:54:33 | 00,028,074 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm [2009/01/05 10:53:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/01/05 10:53:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2009/01/05 10:51:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf [2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/01/03 23:41:27 | 31,513,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/01/03 23:41:24 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/01/03 23:41:24 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/01/03 17:53:29 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk [2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/01/03 17:53:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/01/03 17:33:21 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe [2009/01/03 13:56:53 | 00,058,671 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip [2009/01/03 13:52:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\tom 1\Desktop\kjgjo.exe [2009/01/03 13:22:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/01/03 13:22:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/01/03 13:17:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2009/01/03 13:17:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/01/03 13:10:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2009/01/03 13:10:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2009/01/03 02:24:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2009/01/03 02:24:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2009/01/03 00:16:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2009/01/03 00:16:19 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2009/01/02 23:55:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2009/01/02 23:55:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2009/01/02 23:51:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2009/01/02 23:51:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2009/01/02 23:47:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2009/01/02 23:47:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2009/01/02 16:40:32 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\SDFix.exe [2009/01/02 15:13:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2009/01/02 15:13:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2009/01/02 13:25:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm [2009/01/02 13:25:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2009/01/02 13:02:54 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\N.lnk [2009/01/01 22:31:26 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc [2009/01/01 22:30:41 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\Microsoft Word.lnk [2009/01/01 17:45:27 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc [2008/12/29 12:13:58 | 00,020,828 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf [2008/12/29 12:11:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf [2008/12/29 12:11:40 | 00,020,810 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf [2008/12/29 12:09:34 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc [2008/12/28 18:33:26 | 00,000,308 | ---- | M] () -- C:\WINDOWS\SIERRA.INI [2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe < End of report > OTViewIt Extras logfile created on: 07/01/2009 12:53:45 - Run 5 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1014.11 Mb Total Physical Memory | 580.70 Mb Available Physical Memory | 57.26% Memory free 2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.29% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 4.82 Gb Free Space | 6.46% Space Free | Partition Type: NTFS Drive D: | 665.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM Current User Name: tom 1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0x00000000 "FirewallDisableNotify"=0x00000000 "UpdatesDisableNotify"=0x00000000 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class]) ipp: [HKLM - No CLSID value] [2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [2009/01/03 17:53:22 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class]) [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) msdaipp: [HKLM - No CLSID value] [2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0]) [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [2001/02/23 17:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}"=LG_MobileSync "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp "{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate "{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs "{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer "{24DF7221-644B-4C3A-A478-459502D40522}"=Backup "{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11 "{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{3C759736-8347-4031-BB9C-D75ADFE6B101}"=Norton Ghost 9.0 "{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls "{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant "{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime "{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger "{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}"=Macromedia Flash Player 8 "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}"=Norton 360 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD "{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works "{7148F0A8-6813-11D6-A77B-00B0D0142170}"=Java 2 Runtime Environment, SE v1.4.2_17 "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit "{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes "{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders "{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}"=iLike Sidebar "{868901EE-7807-4F89-A134-7C705D34F91F}"=Roxio Easy Media Creator 8 Suite "{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player "{8B7443F5-E141-42A0-AB61-ED2331AAD606}"=4oD "{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage "{9D1C26BD-E792-4159-9D16-07EA222D8EF0}"=Windows Messenger 5.1 "{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7 "{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player "{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs "{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player "{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23 "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation) "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series "{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation) "{E91E8912-769D-42F0-8408-0E329443BABC}"=Ralink Wireless LAN Card "{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04 "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver "{F3CBA4E6-436E-4B51-9651-93830EE38616}"=Windows Messenger 5.1 MUI Pack "4oD"=4oD "AC3Filter"=AC3Filter (remove only) "Ad-Aware SE Plus"=Ad-Aware SE Plus "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX "ALZip_is1"=ALZip "AVG8Uninstall"=AVG Free 8.0 "AxCrypt"=AxCrypt (Remove Only) "BBC iPlayer Download Manager"=BBC iPlayer Download Manager "CCleaner"=CCleaner (remove only) "CyberScrub Professional 3.5"=CyberScrub Professional 3.5 "Diablo II"=Diablo II "HijackThis"=HijackThis 2.0.2 "hp deskjet 960c series"=hp deskjet 960c series (Remove only) "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime "InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes "InstallShield_{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23 "InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04 "LimeWire"=LimeWire 4.14.10 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "MSNINST"=MSN "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "Pharaoh"=Pharaoh "PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation) "RealPlayer 6.0"=RealPlayer "Roxio MRFilter"=Roxio EasyWrite Reader "Scribe"=Express Scribe "Shareaza_is1"=Shareaza version 2.2.5.0 "SMSERIAL"=Motorola SM56 Data Fax Modem "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation) "Total Annihilation: Kingdoms"=Total Annihilation: Kingdoms "VLC media player"=VideoLAN VLC media player 0.8.6e "VoipStunt_is1"=VoipStunt "WGA"=Windows Genuine Advantage Validation Tool "Windows Live Toolbar"=Windows Live Toolbar "Windows Media Encoder 9"=Windows Media Encoder 9 Series "Windows Media Format Runtime"=Windows Media Format Runtime "Windows Media Player"=Windows Media Player 10 "World of Warcraft"=World of Warcraft "Yahoo! Companion"=Yahoo! Companion "Yahoo! Messenger with BT Communicator"=Yahoo! Messenger with BT Communicator ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05/01/2009 11:05:22 | Computer Name = TOM | Source = MsiInstaller | ID = 11704 Description = Product: Java 6 Update 11 -- Error 1704.An installation for Google Toolbar for Internet Explorer is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error - 05/01/2009 11:05:32 | Computer Name = TOM | Source = MsiInstaller | ID = 11704 Description = Product: Java 6 Update 11 -- Error 1704.An installation for Google Toolbar for Internet Explorer is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error - 05/01/2009 15:03:03 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. Error - 05/01/2009 18:11:01 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x0078101c. Error - 06/01/2009 15:04:05 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00c9101c. Error - 06/01/2009 17:15:02 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000028bb. Error - 06/01/2009 19:38:02 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00f5101c. Error - 06/01/2009 21:13:28 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00c4101c. Error - 07/01/2009 00:16:20 | Computer Name = TOM | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00b9101c. Error - 07/01/2009 08:43:56 | Computer Name = TOM | Source = Application Error | ID = 1004 Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00c4101c. [ System Events ] Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 cdudf_xp eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT PQIMount RasAcd Rdbss RxFilter SRTSP SRTSPX SYMTDI Tcpip Error - 06/01/2009 20:16:28 | Computer Name = TOM | Source = Service Control Manager | ID = 7031 Description = The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. Error - 06/01/2009 21:13:29 | Computer Name = TOM | Source = Service Control Manager | ID = 7031 Description = The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. Error - 06/01/2009 21:13:29 | Computer Name = TOM | Source = Service Control Manager | ID = 7034 Description = The Terminal Services service terminated unexpectedly. It has done this 1 time(s). Error - 07/01/2009 00:16:21 | Computer Name = TOM | Source = Service Control Manager | ID = 7031 Description = The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. Error - 07/01/2009 00:16:21 | Computer Name = TOM | Source = Service Control Manager | ID = 7034 Description = The Terminal Services service terminated unexpectedly. It has done this 1 time(s). Error - 07/01/2009 00:16:46 | Computer Name = TOM | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the Symantec Core LC service. < End of report >
  5. aether121

    Hjt Log - Help Me Please!

    Hi guys, My computer's just crashed after a warning from Norton 360 about trojans being found - Norton will now no longer work and I can't even uninstall it. All Norton/Symantec and general anti-spyware sites are blocked and I've got an icon on my taskbar which is a red circle with a white cross in it which keeps saying "Warning! Security report! Your computer is infected! It is recommended to start spyware cleaner tool" which forces my browser to go to a website called real-av when right-clicked on. Aside from the antivirus sites being blocked alot of the links I try to follow from google get redirected to spurious websites. I've had real problems trying to download the sowftware recommended but I finally managed using google's cache option which seems to circumvent whatever's blocking me most of the time. I have no idea what to do, any help would be really appreciated. Here's the HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:35:18, on 03/01/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [sDFix] C:\DOCUME~1\TOM1~1\Desktop\SDFix\RunThis.batx\RunThis.bat /second O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: vtUnopPJ - vtUnopPJ.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - E:\iPod\bin\iPodService.exe (file missing) O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 7701 bytes