Hjt Log - Help Me Please!


Hi guys,

My computer's just crashed after a warning from Norton 360 about trojans being found - Norton will now no longer work and I can't even uninstall it. All Norton/Symantec and general anti-spyware sites are blocked and I've got an icon on my taskbar which is a red circle with a white cross in it which keeps saying "Warning! Security report! Your computer is infected! It is recommended to start spyware cleaner tool" which forces my browser to go to a website called real-av when right-clicked on.

Aside from the antivirus sites being blocked, a lot of the links I try to follow from Google get redirected to spurious websites. I've had real problems trying to download the software recommended but I finally managed using Google's cache option which seems to circumvent whatever's blocking me most of the time.

I have no idea what to do, any help would be really appreciated. Here's the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:35:18, on 03/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [sDFix] C:\DOCUME~1\TOM1~1\Desktop\SDFix\RunThis.batx\RunThis.bat /second

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: vtUnopPJ - vtUnopPJ.dll (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Unknown owner - E:\iPod\bin\iPodService.exe (file missing)

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 7701 bytes

Step 1

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Hiya, thanks for the reply - here's the two OT logs:

OTViewIt logfile created on: 07/01/2009 12:53:45 - Run 5

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 580.70 Mb Available Physical Memory | 57.26% Memory free

2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.29% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 4.82 Gb Free Space | 6.46% Space Free | Partition Type: NTFS

Drive D: | 665.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TOM

Current User Name: tom 1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

[2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

[2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

[2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe

[2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

[2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

[2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

[2009/01/03 17:53:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

[2009/01/03 17:53:17 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[2007/03/20 17:39:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[2009/01/05 12:39:11 | 00,024,576 | ---- | M] (VERITAS Software Corp.) -- C:\WINDOWS\system32\frmwrk32.exe

[2009/01/05 15:05:39 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [On_Demand | Stopped])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])

[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])

[2007/08/22 08:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])

[2007/03/20 17:39:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

File not found -- -- (iPodService [On_Demand | Stopped])

[2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])

[2008/09/05 10:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])

[2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running])

[2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash [Auto | Running])

[2005/11/22 08:29:52 | 00,233,472 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])

[2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Running])

[2005/11/21 21:47:56 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [On_Demand | Stopped])

[2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Auto | Stopped])

[2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Running])

[2008/11/23 12:38:57 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])

[2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/08/22 10:26:35 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])

[2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2005/10/22 06:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [system | Running])

[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])

[2007/08/09 00:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])

[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [boot | Running])

[2005/10/22 06:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])

[2008/11/20 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008/11/20 09:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2005/01/07 15:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006/03/23 10:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])

[2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running])

[2006/04/17 14:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])

[2005/10/22 06:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])

[2003/07/17 07:17:52 | 00,012,384 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter [boot | Running])

[2008/11/20 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008/11/20 09:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running])

[2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [boot | Running])

[2006/02/27 14:00:50 | 00,034,880 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR [boot | Running])

[2006/02/20 15:01:06 | 00,029,056 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR [boot | Running])

[2004/11/22 16:08:54 | 00,046,800 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [system | Running])

[2004/11/22 15:51:58 | 00,138,801 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [boot | Running])

[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/10/22 06:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [system | Running])

[2007/09/28 16:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2006/06/08 09:49:50 | 00,344,064 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])

[2006/02/27 03:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])

[2005/11/21 23:49:40 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [system | Running])

[2004/08/04 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped])

[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [boot | Running])

[2006/01/20 11:44:42 | 00,862,340 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])

[2008/01/17 04:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])

[2008/02/01 01:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [system | Running])

[2008/02/01 01:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])

[2008/02/01 01:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running])

[2008/02/05 19:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2008/11/23 12:40:31 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2008/02/05 19:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2008/02/05 19:34:43 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008/10/03 16:21:54 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081220.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])

[2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])

[2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])

[2008/02/05 19:34:43 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2008/02/05 19:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2008/02/05 19:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

[2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])

[2004/09/06 20:40:04 | 00,018,432 | R--- | M] (Computer & Entertainment, Inc.) -- C:\WINDOWS\system32\drivers\WDM_Capture_220A.sys -- (WDM_Capture_220A [On_Demand | Stopped])

[2005/12/28 09:37:58 | 00,015,488 | R--- | M] (WideView Technology Inc.) -- C:\WINDOWS\system32\drivers\WDM_Loader_220A.sys -- (WDM_Loader_220A [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=C:\windows\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Local Page"=C:\windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Secondary Start Pages"=

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

"Framework Windows"=frmwrk32.exe (VERITAS Software Corp.)

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/06/15 14:26:02 | 00,225,280 | ---- | M] (Leader Technologies) -- C:\Documents and Settings\tom 1\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoSetActiveDesktop"=1

"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoSetActiveDesktop"=1

"NoActiveDesktopChanges"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.)

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe [] -> [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5

{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool

{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class

{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/Facebo...otoUploader.cab -- Facebook Photo Uploader Control

{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_17

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{49776DF5-BBFE-43AF-8CA8-5F1CCCFAF543} (Servers: | Description: )

{4F74FE45-CF68-4B8B-9499-151D037C8F2D} (Servers: | Description: )

{5233496C-B997-4C5C-8CE3-C695EFC09560} (Servers: | Description: 1394 Net Adapter)

{5B9F5B21-7C23-47D6-B863-51DEB3FD8110} (Servers: | Description: 1394 Net Adapter)

{5F04E7C6-01CC-4923-816B-F9EC2B7E12C9} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

{89DEBDC3-6A19-4D9A-B5D4-A3E9C1B125C3} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=avgrsstx.dll

>[2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

vtUnopPJ: "DllName" = vtUnopPJ.dll -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2006/06/30 01:10:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.exe [MZ | ]

[1999/10/18 12:14:04 | 00,126,976 | R--- | M] (Impressions Games) -- D:\autorun.exe -- [ CDFS ]

autorun.inf [[autorun] | open=autorun.exe | icon=Pharaoh.ico | | | [CONFIG] | BITMAP=pharaoh.bmp ; bitmap you wish to show in the autoplay dialog box | EXENAME=pharaoh.exe ; executable you wish to invoke from the play button | INSTKEY=Pharaoh ; section name that autorun will check to see if app has already | ; been installed. | | | | | ]

[1999/09/20 15:48:40 | 00,000,340 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell]

""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun]

""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]

[2009/01/07 00:18:27 | 10,634,40384 | -HS- | C] () -- C:\hiberfil.sys

[2009/01/06 16:35:38 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe

[2009/01/05 18:20:45 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/05 18:20:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/01/05 18:20:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/05 18:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/01/05 18:18:26 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe

[2009/01/05 17:25:08 | 00,749,342 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg

[2009/01/05 16:13:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009/01/05 14:35:53 | 00,442,392 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg

[2009/01/05 14:32:21 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk

[2009/01/05 14:32:21 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/01/05 14:26:29 | 00,920,792 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe

[2009/01/05 12:39:13 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll

[2009/01/05 12:39:12 | 00,024,576 | ---- | C] (VERITAS Software Corp.) -- C:\WINDOWS\System32\frmwrk32.exe

[2009/01/05 12:39:10 | 00,024,576 | ---- | C] (VERITAS Software Corp.) -- C:\WINDOWS\System32\pcload.exe

[2009/01/05 11:18:58 | 16,319,896 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe

[2009/01/05 10:54:33 | 00,028,074 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm

[2009/01/05 10:51:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf

[2009/01/03 23:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\AVG

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\AVG:Roxio EMC Stream

[2009/01/03 23:08:32 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009/01/03 17:53:29 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/01/03 17:53:29 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk

[2009/01/03 17:53:28 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/01/03 17:53:27 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/01/03 17:53:23 | 31,513,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/01/03 17:53:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/01/03 17:53:23 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/01/03 17:53:23 | 00,014,903 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/01/03 17:53:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/01/03 17:33:20 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe

[2009/01/03 16:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/01/03 13:58:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl

[2009/01/03 13:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\StartupCPL

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\StartupCPL:Roxio EMC Stream

[2009/01/03 13:56:52 | 00,058,671 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip

[2009/01/03 13:52:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\tom 1\Desktop\kjgjo.exe

[2009/01/03 13:18:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/01/03 00:33:51 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

[2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/01/02 23:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\WinRAR

[2009/01/02 22:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/01/02 22:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\SDFix

[2009/01/02 16:41:25 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/01/02 16:40:32 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\SDFix.exe

[2009/01/02 02:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\Malwarebytes

[2009/01/02 02:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/01/01 22:31:26 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc

[2009/01/01 18:49:01 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

[2009/01/01 18:49:01 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

[2009/01/01 18:49:01 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe

[2009/01/01 18:49:01 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe

[2009/01/01 18:49:01 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

[2009/01/01 18:49:01 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

[2009/01/01 18:49:01 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

[2009/01/01 18:49:01 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

[2009/01/01 18:49:01 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

[2009/01/01 18:49:01 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe

[2009/01/01 18:49:01 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

[2009/01/01 18:49:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

[2009/01/01 18:49:01 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

[2009/01/01 18:49:00 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

[2009/01/01 17:45:26 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc

[2008/12/29 12:13:58 | 00,020,828 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf

[2008/12/29 12:11:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf

[2008/12/29 12:11:40 | 00,020,810 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf

[2008/12/29 12:09:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc

[2008/12/28 18:33:34 | 00,004,398 | ---- | C] () -- C:\WINDOWS\caesar3.ico

[2008/12/26 00:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\My Documents\My Music

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\My Documents\My Music:Roxio EMC Stream

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]

[2 C:\WINDOWS\*.tmp files]

[2009/01/07 12:44:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2009/01/07 12:44:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009/01/07 12:43:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/01/07 12:42:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/01/07 12:42:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/01/07 12:42:49 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys

[2009/01/06 23:38:46 | 02,110,666 | -H-- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\IconCache.db

[2009/01/06 22:54:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/01/06 21:04:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/01/06 21:04:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/01/06 19:10:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/01/06 19:10:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/01/06 17:26:47 | 00,137,216 | ---- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/06 17:21:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe

[2009/01/06 16:24:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/01/06 16:24:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/01/05 19:03:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/01/05 19:03:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/01/05 18:20:45 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/05 18:20:14 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe

[2009/01/05 18:11:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/01/05 18:11:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/01/05 18:04:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/01/05 18:04:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/01/05 17:25:58 | 00,749,342 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg

[2009/01/05 17:19:47 | 00,001,746 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

[2009/01/05 17:19:43 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/01/05 16:22:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/01/05 16:22:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2009/01/05 15:04:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2009/01/05 15:04:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2009/01/05 14:36:03 | 00,442,392 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg

[2009/01/05 14:32:21 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk

[2009/01/05 14:26:37 | 00,920,792 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe

[2009/01/05 12:39:13 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll

[2009/01/05 12:39:11 | 00,024,576 | ---- | M] (VERITAS Software Corp.) -- C:\WINDOWS\System32\pcload.exe

[2009/01/05 12:39:11 | 00,024,576 | ---- | M] (VERITAS Software Corp.) -- C:\WINDOWS\System32\frmwrk32.exe

[2009/01/05 11:18:58 | 16,319,896 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe

[2009/01/05 10:54:33 | 00,028,074 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm

[2009/01/05 10:53:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2009/01/05 10:53:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm

[2009/01/05 10:51:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf

[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/01/03 23:41:27 | 31,513,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/01/03 23:41:24 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/01/03 23:41:24 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/01/03 17:53:29 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk

[2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/01/03 17:53:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/01/03 17:33:21 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe

[2009/01/03 13:56:53 | 00,058,671 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip

[2009/01/03 13:52:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\tom 1\Desktop\kjgjo.exe

[2009/01/03 13:22:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2009/01/03 13:22:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2009/01/03 13:17:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2009/01/03 13:17:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2009/01/03 13:10:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2009/01/03 13:10:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2009/01/03 02:24:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2009/01/03 02:24:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2009/01/03 00:16:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2009/01/03 00:16:19 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm

[2009/01/02 23:55:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2009/01/02 23:55:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2009/01/02 23:51:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2009/01/02 23:51:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2009/01/02 23:47:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/01/02 23:47:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/01/02 16:40:32 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\SDFix.exe

[2009/01/02 15:13:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2009/01/02 15:13:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm

[2009/01/02 13:25:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2009/01/02 13:25:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2009/01/02 13:02:54 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\N.lnk

[2009/01/01 22:31:26 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc

[2009/01/01 22:30:41 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\Microsoft Word.lnk

[2009/01/01 17:45:27 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc

[2008/12/29 12:13:58 | 00,020,828 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf

[2008/12/29 12:11:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf

[2008/12/29 12:11:40 | 00,020,810 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf

[2008/12/29 12:09:34 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc

[2008/12/28 18:33:26 | 00,000,308 | ---- | M] () -- C:\WINDOWS\SIERRA.INI

[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >

OTViewIt Extras logfile created on: 07/01/2009 12:53:45 - Run 5

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 580.70 Mb Available Physical Memory | 57.26% Memory free

2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.29% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 4.82 Gb Free Space | 6.46% Space Free | Partition Type: NTFS

Drive D: | 665.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TOM

Current User Name: tom 1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0x00000000

"FirewallDisableNotify"=0x00000000

"UpdatesDisableNotify"=0x00000000

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

ipp: [HKLM - No CLSID value]

[2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2009/01/03 17:53:22 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

msdaipp: [HKLM - No CLSID value]

[2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[2001/02/23 17:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}"=LG_MobileSync

"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp

"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs

"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11

"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3C759736-8347-4031-BB9C-D75ADFE6B101}"=Norton Ghost 9.0

"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls

"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant

"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime

"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger

"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}"=Macromedia Flash Player 8

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}"=Norton 360

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD

"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works

"{7148F0A8-6813-11D6-A77B-00B0D0142170}"=Java 2 Runtime Environment, SE v1.4.2_17

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit

"{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec

"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders

"{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}"=iLike Sidebar

"{868901EE-7807-4F89-A134-7C705D34F91F}"=Roxio Easy Media Creator 8 Suite

"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8B7443F5-E141-42A0-AB61-ED2331AAD606}"=4oD

"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage

"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}"=Windows Messenger 5.1

"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7

"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs

"{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager

"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series

"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)

"{E91E8912-769D-42F0-8408-0E329443BABC}"=Ralink Wireless LAN Card

"{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F3CBA4E6-436E-4B51-9651-93830EE38616}"=Windows Messenger 5.1 MUI Pack

"4oD"=4oD

"AC3Filter"=AC3Filter (remove only)

"Ad-Aware SE Plus"=Ad-Aware SE Plus

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"ALZip_is1"=ALZip

"AVG8Uninstall"=AVG Free 8.0

"AxCrypt"=AxCrypt (Remove Only)

"BBC iPlayer Download Manager"=BBC iPlayer Download Manager

"CCleaner"=CCleaner (remove only)

"CyberScrub Professional 3.5"=CyberScrub Professional 3.5

"Diablo II"=Diablo II

"HijackThis"=HijackThis 2.0.2

"hp deskjet 960c series"=hp deskjet 960c series (Remove only)

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime

"InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes

"InstallShield_{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player

"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23

"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04

"LimeWire"=LimeWire 4.14.10

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"MSNINST"=MSN

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Pharaoh"=Pharaoh

"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)

"RealPlayer 6.0"=RealPlayer

"Roxio MRFilter"=Roxio EasyWrite Reader

"Scribe"=Express Scribe

"Shareaza_is1"=Shareaza version 2.2.5.0

"SMSERIAL"=Motorola SM56 Data Fax Modem

"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)

"Total Annihilation: Kingdoms"=Total Annihilation: Kingdoms

"VLC media player"=VideoLAN VLC media player 0.8.6e

"VoipStunt_is1"=VoipStunt

"WGA"=Windows Genuine Advantage Validation Tool

"Windows Live Toolbar"=Windows Live Toolbar

"Windows Media Encoder 9"=Windows Media Encoder 9 Series

"Windows Media Format Runtime"=Windows Media Format Runtime

"Windows Media Player"=Windows Media Player 10

"World of Warcraft"=World of Warcraft

"Yahoo! Companion"=Yahoo! Companion

"Yahoo! Messenger with BT Communicator"=Yahoo! Messenger with BT Communicator

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 05/01/2009 11:05:22 | Computer Name = TOM | Source = MsiInstaller | ID = 11704

Description = Product: Java 6 Update 11 -- Error 1704.An installation for Google

Toolbar for Internet Explorer is currently suspended. You must undo the changes

made by that installation to continue. Do you want to undo those changes?

Error - 05/01/2009 11:05:32 | Computer Name = TOM | Source = MsiInstaller | ID = 11704

Description = Product: Java 6 Update 11 -- Error 1704.An installation for Google

Toolbar for Internet Explorer is currently suspended. You must undo the changes

made by that installation to continue. Do you want to undo those changes?

Error - 05/01/2009 15:03:03 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting

module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 05/01/2009 18:11:01 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x0078101c.

Error - 06/01/2009 15:04:05 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x00c9101c.

Error - 06/01/2009 17:15:02 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting

module ntdll.dll, version 5.1.2600.2180, fault address 0x000028bb.

Error - 06/01/2009 19:38:02 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x00f5101c.

Error - 06/01/2009 21:13:28 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x00c4101c.

Error - 07/01/2009 00:16:20 | Computer Name = TOM | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x00b9101c.

Error - 07/01/2009 08:43:56 | Computer Name = TOM | Source = Application Error | ID = 1004

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x00c4101c.

[ System Events ]

Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 06/01/2009 19:42:59 | Computer Name = TOM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD AvgLdx86 AvgMfx86 cdudf_xp eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT PQIMount RasAcd

Rdbss

RxFilter

SRTSP

SRTSPX

SYMTDI

Tcpip

Error - 06/01/2009 20:16:28 | Computer Name = TOM | Source = Service Control Manager | ID = 7031

Description = The DCOM Server Process Launcher service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Reboot the machine.

Error - 06/01/2009 21:13:29 | Computer Name = TOM | Source = Service Control Manager | ID = 7031

Description = The DCOM Server Process Launcher service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Reboot the machine.

Error - 06/01/2009 21:13:29 | Computer Name = TOM | Source = Service Control Manager | ID = 7034

Description = The Terminal Services service terminated unexpectedly. It has done

this 1 time(s).

Error - 07/01/2009 00:16:21 | Computer Name = TOM | Source = Service Control Manager | ID = 7031

Description = The DCOM Server Process Launcher service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Reboot the machine.

Error - 07/01/2009 00:16:21 | Computer Name = TOM | Source = Service Control Manager | ID = 7034

Description = The Terminal Services service terminated unexpectedly. It has done

this 1 time(s).

Error - 07/01/2009 00:16:46 | Computer Name = TOM | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the Symantec Core LC service.

< End of report >


Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\WINDOWS\System32\uniq.tll
    C:\WINDOWS\System32\frmwrk32.exe
    C:WINDOWS\System32\pcload.exe
    C:\Documents and Settings\tom 1\Desktop\kjgjo.exe
    C:\Documents and Settings\tom 1\Desktop\SDFix.exe
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Framework Windows"=-



    :Commands
    [EmptyTemp]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After rebooting please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Click on the Start Scanning button at bottom of page.
  • Accept the License Agreement and the ActiveX install.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report to your Desktop for posting.

Please post

  • C:\_OTMoveIt\MovedFiles\date_time_ran_OtMoveIt.log
  • F-Secure log
  • New OtViewIt log(s)

in your reply here.


Thanks for the continued support :) Here are the new logs:

========== FILES ==========

C:\WINDOWS\System32\uniq.tll moved successfully.

File/Folder C:\WINDOWS\System32\frmwrk32.exe not found.

File/Folder C:WINDOWS\System32\pcload.exe not found.

C:\Documents and Settings\tom 1\Desktop\kjgjo.exe moved successfully.

C:\Documents and Settings\tom 1\Desktop\SDFix.exe moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\System32\nsq48.tmp moved successfully.

C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP moved successfully.

C:\WINDOWS\msdownld.tmp moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Framework Windows not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\fla1A.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF8749.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF876B.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\JETC94B.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\~ROMFN_00000108 scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01092009_005559

Files moved on Reboot...

File C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\fla1A.tmp not found!

File C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF8749.tmp not found!

File C:\DOCUME~1\TOM1~1\LOCALS~1\Temp\~DF876B.tmp not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

C:\WINDOWS\temp\JETC94B.tmp moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat not found!

File C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat not found!

C:\WINDOWS\temp\~ROMFN_00000108 moved successfully.

OTViewIt logfile created on: 09/01/2009 17:02:05 - Run 6

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 369.07 Mb Available Physical Memory | 36.39% Memory free

2.38 Gb Paging File | 1.60 Gb Available in Paging File | 67.17% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 4.62 Gb Free Space | 6.20% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TOM

Current User Name: tom 1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

[2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

[2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

[2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe

[2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

[2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

[2009/01/03 17:53:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

[2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[2009/01/03 17:53:17 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2007/03/20 17:39:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[2009/01/05 15:05:39 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2008/12/22 11:05:56 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2008/11/23 12:38:57 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[2001/02/28 09:02:04 | 10,571,776 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

[2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2009/01/03 17:53:16 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [On_Demand | Stopped])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])

[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])

[2007/08/22 08:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])

[2007/03/20 17:39:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

File not found -- -- (iPodService [On_Demand | Stopped])

[2009/01/05 15:05:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])

[2008/09/05 10:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])

[2008/02/18 19:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])

[2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running])

[2005/01/27 15:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash [Auto | Running])

[2005/11/22 08:29:52 | 00,233,472 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])

[2005/11/22 08:28:38 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Running])

[2005/11/21 21:47:56 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [On_Demand | Stopped])

[2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Auto | Stopped])

[2005/11/22 08:26:14 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Running])

[2008/11/23 12:38:57 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])

[2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/08/22 10:26:35 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])

[2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2005/10/22 06:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [system | Running])

[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])

[2007/08/09 00:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])

[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [boot | Running])

[2005/10/22 06:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])

[2008/11/20 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2005/01/07 15:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006/03/23 10:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])

[2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running])

[2006/04/17 14:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2005/10/22 06:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])

[2003/07/17 07:17:52 | 00,012,384 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter [boot | Running])

[2008/11/20 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008/11/20 09:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090101.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running])

[2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [boot | Running])

[2006/02/27 14:00:50 | 00,034,880 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR [boot | Running])

[2006/02/20 15:01:06 | 00,029,056 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR [boot | Running])

[2004/11/22 16:08:54 | 00,046,800 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [system | Running])

[2004/11/22 15:51:58 | 00,138,801 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [boot | Running])

[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/10/22 06:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [system | Running])

[2007/09/28 16:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2006/06/08 09:49:50 | 00,344,064 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])

[2006/02/27 03:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])

[2005/11/21 23:49:40 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [system | Running])

[2008/12/22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])

[2008/12/22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])

[2008/12/22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2004/08/04 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped])

[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [boot | Running])

[2006/01/20 11:44:42 | 00,862,340 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])

[2008/01/17 04:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])

[2008/02/01 01:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [system | Running])

[2008/02/01 01:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])

[2008/02/01 01:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running])

[2008/02/05 19:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2008/11/23 12:40:31 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2008/02/05 19:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2008/02/05 19:34:43 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008/10/03 16:21:54 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081220.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])

[2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])

[2008/02/06 21:43:53 | 00,031,408 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])

[2008/02/05 19:34:43 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2008/02/05 19:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2008/02/05 19:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

[2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Running])

[2004/09/06 20:40:04 | 00,018,432 | R--- | M] (Computer & Entertainment, Inc.) -- C:\WINDOWS\system32\drivers\WDM_Capture_220A.sys -- (WDM_Capture_220A [On_Demand | Stopped])

[2005/12/28 09:37:58 | 00,015,488 | R--- | M] (WideView Technology Inc.) -- C:\WINDOWS\system32\drivers\WDM_Loader_220A.sys -- (WDM_Loader_220A [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=C:\windows\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Secondary Start Pages"=

"Start Page"=google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) Startup Folders ==========

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoSetActiveDesktop"=0

"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoSetActiveDesktop"=0

"NoActiveDesktopChanges"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.)

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\ypager.exe [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe [] -> [2004/08/20 12:32:24 | 01,994,752 | ---- | M] (Yahoo! Inc.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 18:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5

{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool

{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class

{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/Facebo...otoUploader.cab -- Facebook Photo Uploader Control

{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_17

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{49776DF5-BBFE-43AF-8CA8-5F1CCCFAF543} (Servers: | Description: )

{4F74FE45-CF68-4B8B-9499-151D037C8F2D} (Servers: | Description: )

{5233496C-B997-4C5C-8CE3-C695EFC09560} (Servers: | Description: 1394 Net Adapter)

{5B9F5B21-7C23-47D6-B863-51DEB3FD8110} (Servers: | Description: 1394 Net Adapter)

{5F04E7C6-01CC-4923-816B-F9EC2B7E12C9} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

{89DEBDC3-6A19-4D9A-B5D4-A3E9C1B125C3} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=avgrsstx.dll

>[2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

vtUnopPJ: "DllName" = vtUnopPJ.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2006/06/30 01:10:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell]

""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun]

""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf47f40e-85ed-11db-8ecb-0013027d5456}\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/01/09 12:52:09 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\My Documents\~$am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc

[2009/01/09 01:08:18 | 00,000,000 | ---D | C] -- C:\fsaua.data

[2009/01/09 00:55:59 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2009/01/09 00:51:44 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTMoveIt3.exe

[2009/01/07 15:23:36 | 10,634,40384 | -HS- | C] () -- C:\hiberfil.sys

[2009/01/07 14:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/01/07 14:41:22 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/01/07 14:41:18 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/01/07 14:41:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\SUPERAntiSpyware.com

[2009/01/07 13:44:49 | 05,824,544 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\SUPERAntiSpyware.exe

[2009/01/07 13:36:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/01/06 16:35:38 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe

[2009/01/05 18:20:45 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/05 18:20:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/01/05 18:20:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/05 18:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/01/05 18:18:26 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe

[2009/01/05 17:25:08 | 00,749,342 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg

[2009/01/05 16:13:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009/01/05 14:35:53 | 00,442,392 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg

[2009/01/05 14:32:21 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk

[2009/01/05 14:32:21 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/01/05 14:26:29 | 00,920,792 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe

[2009/01/05 11:18:58 | 16,319,896 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe

[2009/01/05 10:54:33 | 00,028,074 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm

[2009/01/05 10:51:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf

[2009/01/03 23:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\AVG

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\AVG:Roxio EMC Stream

[2009/01/03 23:08:32 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009/01/03 17:53:29 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/01/03 17:53:29 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk

[2009/01/03 17:53:28 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/01/03 17:53:27 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/01/03 17:53:23 | 31,513,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/01/03 17:53:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/01/03 17:53:23 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/01/03 17:53:23 | 00,014,903 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/01/03 17:53:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/01/03 17:33:20 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe

[2009/01/03 16:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/01/03 13:58:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl

[2009/01/03 13:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\StartupCPL

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\Desktop\StartupCPL:Roxio EMC Stream

[2009/01/03 13:56:52 | 00,058,671 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip

[2009/01/03 13:18:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/01/03 00:33:51 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

[2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/01/03 00:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/01/02 23:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\WinRAR

[2009/01/02 22:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/01/02 22:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Desktop\SDFix

[2009/01/02 16:41:25 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/01/02 02:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\Application Data\Malwarebytes

[2009/01/02 02:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/01/01 22:31:26 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc

[2009/01/01 18:49:01 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

[2009/01/01 18:49:01 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

[2009/01/01 18:49:01 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe

[2009/01/01 18:49:01 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe

[2009/01/01 18:49:01 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

[2009/01/01 18:49:01 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe

[2009/01/01 18:49:01 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

[2009/01/01 18:49:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

[2009/01/01 18:49:01 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

[2009/01/01 18:49:00 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

[2009/01/01 17:45:26 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc

[2008/12/29 12:13:58 | 00,020,828 | ---- | C] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf

[2008/12/29 12:11:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf

[2008/12/29 12:11:40 | 00,020,810 | ---- | C] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf

[2008/12/29 12:09:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc

[2008/12/28 18:33:34 | 00,004,398 | ---- | C] () -- C:\WINDOWS\caesar3.ico

[2008/12/26 00:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tom 1\My Documents\My Music

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\tom 1\My Documents\My Music:Roxio EMC Stream

========== Files - Modified Within 30 Days ==========

[2009/01/09 16:54:02 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/01/09 12:52:09 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\My Documents\~$am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc

[2009/01/09 12:20:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2009/01/09 12:20:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2009/01/09 12:19:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/01/09 12:13:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/01/09 12:13:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/01/09 12:12:59 | 00,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/01/09 12:12:57 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys

[2009/01/09 00:59:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2009/01/09 00:59:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2009/01/09 00:56:37 | 02,113,002 | -H-- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\IconCache.db

[2009/01/09 00:51:51 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTMoveIt3.exe

[2009/01/08 23:07:18 | 00,139,776 | ---- | M] () -- C:\Documents and Settings\tom 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/08 22:57:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2009/01/08 22:57:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm

[2009/01/08 15:58:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2009/01/08 15:58:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2009/01/07 16:18:25 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm

[2009/01/07 16:18:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2009/01/07 15:26:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/01/07 15:26:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/01/07 14:41:22 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/01/07 14:39:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2009/01/07 14:39:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2009/01/07 13:44:49 | 05,824,544 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\SUPERAntiSpyware.exe

[2009/01/07 13:04:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2009/01/07 13:04:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2009/01/07 12:44:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2009/01/07 12:44:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009/01/06 21:04:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/01/06 21:04:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/01/06 19:10:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/01/06 19:10:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/01/06 17:21:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/01/06 16:35:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tom 1\My Documents\OTViewIt.exe

[2009/01/06 16:24:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/01/06 16:24:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/01/05 19:03:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/01/05 19:03:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/01/05 18:20:45 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/05 18:20:14 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tom 1\My Documents\mbam-setup.exe

[2009/01/05 18:11:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/01/05 18:11:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/01/05 18:04:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/01/05 18:04:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/01/05 17:25:58 | 00,749,342 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_172503.reg

[2009/01/05 17:19:47 | 00,001,746 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

[2009/01/05 17:19:43 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/01/05 16:22:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/01/05 16:22:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2009/01/05 15:04:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2009/01/05 15:04:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2009/01/05 14:36:03 | 00,442,392 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\cc_20090105_143549.reg

[2009/01/05 14:32:21 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\CCleaner.lnk

[2009/01/05 14:26:37 | 00,920,792 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\tom 1\Desktop\ccsetup215_slim.exe

[2009/01/05 11:18:58 | 16,319,896 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\jre-6u11-windows-i586-p-s.exe

[2009/01/05 10:54:33 | 00,028,074 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\downloadget.htm

[2009/01/05 10:53:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2009/01/05 10:53:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm

[2009/01/05 10:51:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$5650_SAM_CV_CV.rtf

[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/01/03 23:41:27 | 31,513,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/01/03 23:41:24 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/01/03 23:41:24 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/01/03 17:53:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/01/03 17:53:29 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk

[2009/01/03 17:53:28 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/01/03 17:53:27 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/01/03 17:53:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/01/03 17:33:21 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\tom 1\Desktop\KillBox.exe

[2009/01/03 13:56:53 | 00,058,671 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\StartupCPL.zip

[2009/01/03 13:22:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2009/01/03 13:22:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2009/01/03 13:17:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2009/01/03 13:17:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2009/01/02 13:02:54 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\N.lnk

[2009/01/01 22:31:26 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\Action and Inaction.doc

[2009/01/01 22:30:41 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\Microsoft Word.lnk

[2009/01/01 17:45:27 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\I am currently about to enter my final year of a BA in English and American Literature at the University of Kent.doc

[2008/12/29 12:13:58 | 00,020,828 | ---- | M] () -- C:\Documents and Settings\tom 1\My Documents\375650_SAM_CV_CV.rtf

[2008/12/29 12:11:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$~$CV.rtf

[2008/12/29 12:11:40 | 00,020,810 | ---- | M] () -- C:\Documents and Settings\tom 1\Desktop\375650_SAM_CV_CV.rtf

[2008/12/29 12:09:34 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\tom 1\Desktop\~$ altar stands draped in silk.doc

[2008/12/28 18:33:26 | 00,000,308 | ---- | M] () -- C:\WINDOWS\SIERRA.INI

[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

< End of report >

OTViewIt Extras logfile created on: 09/01/2009 17:02:06 - Run 6

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\tom 1\My Documents

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 369.07 Mb Available Physical Memory | 36.39% Memory free

2.38 Gb Paging File | 1.60 Gb Available in Paging File | 67.17% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 4.62 Gb Free Space | 6.20% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TOM

Current User Name: tom 1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0x00000000

"FirewallDisableNotify"=0x00000000

"UpdatesDisableNotify"=0x00000000

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2005/11/21 21:47:10 | 00,409,600 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

ipp: [HKLM - No CLSID value]

[2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2009/01/03 17:53:22 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

msdaipp: [HKLM - No CLSID value]

[2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2004/09/17 12:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[2001/02/23 17:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}"=LG_MobileSync

"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp

"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs

"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11

"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3C759736-8347-4031-BB9C-D75ADFE6B101}"=Norton Ghost 9.0

"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls

"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant

"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime

"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger

"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}"=Macromedia Flash Player 8

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}"=Norton 360

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD

"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works

"{7148F0A8-6813-11D6-A77B-00B0D0142170}"=Java 2 Runtime Environment, SE v1.4.2_17

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit

"{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec

"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders

"{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}"=iLike Sidebar

"{868901EE-7807-4F89-A134-7C705D34F91F}"=Roxio Easy Media Creator 8 Suite

"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8B7443F5-E141-42A0-AB61-ED2331AAD606}"=4oD

"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage

"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}"=Windows Messenger 5.1

"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7

"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs

"{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager

"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series

"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)

"{E91E8912-769D-42F0-8408-0E329443BABC}"=Ralink Wireless LAN Card

"{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F3CBA4E6-436E-4B51-9651-93830EE38616}"=Windows Messenger 5.1 MUI Pack

"4oD"=4oD

"AC3Filter"=AC3Filter (remove only)

"Ad-Aware SE Plus"=Ad-Aware SE Plus

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"ALZip_is1"=ALZip

"AVG8Uninstall"=AVG Free 8.0

"AxCrypt"=AxCrypt (Remove Only)

"BBC iPlayer Download Manager"=BBC iPlayer Download Manager

"CCleaner"=CCleaner (remove only)

"CyberScrub Professional 3.5"=CyberScrub Professional 3.5

"Diablo II"=Diablo II

"HijackThis"=HijackThis 2.0.2

"hp deskjet 960c series"=hp deskjet 960c series (Remove only)

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}"=QuickTime

"InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}"=iTunes

"InstallShield_{CCCEB76F-E5F1-4790-91D9-DC625B0944CA}"=Veoh Player

"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23

"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}"=O2Micro Flash Memory Card Windows Driver V2.04

"LimeWire"=LimeWire 4.14.10

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"MSNINST"=MSN

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Pharaoh"=Pharaoh

"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)

"RealPlayer 6.0"=RealPlayer

"Roxio MRFilter"=Roxio EasyWrite Reader

"Scribe"=Express Scribe

"Shareaza_is1"=Shareaza version 2.2.5.0

"SMSERIAL"=Motorola SM56 Data Fax Modem

"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)

"Total Annihilation: Kingdoms"=Total Annihilation: Kingdoms

"VLC media player"=VideoLAN VLC media player 0.8.6e

"VoipStunt_is1"=VoipStunt

"WGA"=Windows Genuine Advantage Validation Tool

"Windows Live Toolbar"=Windows Live Toolbar

"Windows Media Encoder 9"=Windows Media Encoder 9 Series

"Windows Media Format Runtime"=Windows Media Format Runtime

"Windows Media Player"=Windows Media Player 10

"World of Warcraft"=World of Warcraft

"Yahoo! Companion"=Yahoo! Companion

"Yahoo! Messenger with BT Communicator"=Yahoo! Messenger with BT Communicator

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 08/01/2009 23:14:35 | Computer Name = TOM | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/01/2009 23:14:54 | Computer Name = TOM | Source = Application Hang | ID = 1002

Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 07/01/2009 10:02:40 | Computer Name = TOM | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 07/01/2009 10:02:40 | Computer Name = TOM | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 07/01/2009 10:02:51 | Computer Name = TOM | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 07/01/2009 10:03:01 | Computer Name = TOM | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 07/01/2009 10:21:16 | Computer Name = TOM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/01/2009 10:21:22 | Computer Name = TOM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/01/2009 10:46:47 | Computer Name = TOM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/01/2009 10:47:51 | Computer Name = TOM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AvgLdx86 AvgMfx86 cdudf_xp eeCtrl Fips intelppm PQIMount RxFilter SASDIFSV SASKUTIL SRTSP

SRTSPX

SYMTDI

Error - 07/01/2009 11:22:32 | Computer Name = TOM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/01/2009 21:30:14 | Computer Name = TOM | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without

first being prepared for removal.

< End of report >

F-Secure Online Scanner 3.3.1 - Scanning Report - Friday, January 09, 2009 16:58:51

Scanning Report

Friday, January 09, 2009 15:28:59 - 16:58:49

Computer name: TOM

Scanning type: Scan system for malware, rootkits

Target: C:\

Result: 1 malware found

TrackingCookie.Doubleclick (spyware)

System

Statistics

Scanned:

Files: 43161

System: 4810

Not scanned: 8

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

None: 1

Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

Options

Scanning engines:

F-Secure USS: 2.40.0

F-Secure Blacklight: 0.0.0

F-Secure Hydra: 2.8.8110, 2009-01-09

F-Secure Pegasus: 1.20.0, 2008-11-17

F-Secure AVP: 7.0.171, 2009-01-09

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF

VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI

MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0

TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB

BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use Advanced heuristics

Edited by aether

Logs looking LOTS better. Are you still getting redirects/blocked sites? You seem to have 2 AV running at once. One is a MUST but two can/will lead to problems. If you wish to use AVG and Norton360, make sure Norton AV is disabled.

This could have been some of the blocked site issue.

No overt sign of any malware left but the log is way old... my fault.

Please post

  • Fresh HJT
  • Fresh OTViewIt
  • description of any problems/issues you are still having

in your reply


Please download OTCleanIt and save it to Desktop.

  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Please read these excellent articles by miekiemoes:

Help! My computer is slow!

How to prevent Malware
