Malware Problems [INACTIVE]


Hi,

I've got a friend's computer because he has been having a lot of problems with it for a while and he barely knows which end is which. After running some antivirus/anti-malware programs I found a lot of problems, so I've tried to fix them using information I found on this forum (thanks btw). I wondered if someone could look at the following reports and check if I have cleared everything please? I originally ran AVG, Spybot S+D, SuperAntiSpyware and HijackThis - all found problems first time and fixed them (and the second time they were run they came out clean). I then posted here only to find out that you no longer use these programs (I must have been looking at old threads) and 'TheTerrorist 75' advised me to run The Comedian, TFC, MBAM, Rooter, Rootrepeal and OTL - posting reports from the latter 4 in this thread.

I have run all the programs and the reports for each are below.

MBAM-Log-2009-08-09

Malwarebytes' Anti-Malware 1.40

Database version: 2586

Windows 5.1.2600 Service Pack 3

09/08/2009 20:07:03

mbam-log-2009-08-09 (20-07-03).txt

Scan type: Quick Scan

Objects scanned: 105227

Time elapsed: 56 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP Home Edition (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Enabled

.

Internet Explorer 8.0.6001.18702

Mozilla Firefox 3.5.2 (en-GB)

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:133 Go )

D:\ [CD_Rom]

.

Scan : 20:40.09

Path : C:\Documents and Settings\robert\My Documents\Downloads\Rooter.exe

User : robert ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (444)

______ \??\C:\WINDOWS\system32\csrss.exe (492)

______ \??\C:\WINDOWS\system32\winlogon.exe (516)

______ C:\WINDOWS\system32\services.exe (560)

______ C:\WINDOWS\system32\lsass.exe (572)

______ C:\WINDOWS\system32\svchost.exe (732)

______ C:\WINDOWS\system32\svchost.exe (780)

______ C:\WINDOWS\System32\svchost.exe (844)

______ C:\WINDOWS\system32\svchost.exe (904)

______ C:\WINDOWS\system32\svchost.exe (940)

______ C:\WINDOWS\system32\LEXBCES.EXE (1156)

______ C:\WINDOWS\system32\LEXPPS.EXE (1200)

______ C:\WINDOWS\system32\spoolsv.exe (1208)

______ C:\WINDOWS\system32\svchost.exe (1712)

______ C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (1744)

______ C:\WINDOWS\system32\svchost.exe (1760)

______ c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe (1772)

______ c:\APPS\Powercinema\Kernel\TV\CLSched.exe (1816)

______ C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (1848)

______ C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (1876)

______ c:\APPS\HIDSERVICE\HIDSERVICE.exe (1888)

______ C:\Program Files\Java\jre6\bin\jqs.exe (1920)

______ C:\WINDOWS\system32\slserv.exe (1972)

______ C:\WINDOWS\System32\PAStiSvc.exe (1992)

______ C:\WINDOWS\system32\svchost.exe (2008)

______ C:\WINDOWS\system32\wdfmgr.exe (2036)

______ C:\WINDOWS\System32\alg.exe (876)

______ C:\WINDOWS\Explorer.EXE (1540)

______ C:\WINDOWS\system32\wscntfy.exe (1548)

______ C:\WINDOWS\SOUNDMAN.EXE (1320)

______ C:\Apps\Powercinema\PCMService.exe (996)

______ C:\apps\ABoard\ABoard.exe (1368)

______ C:\WINDOWS\system32\rundll32.exe (1468)

______ C:\apps\ABoard\AOSD.exe (804)

______ C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (716)

______ C:\WINDOWS\system32\LVCOMSX.EXE (1684)

______ C:\Program Files\Logitech\Video\LogiTray.exe (2060)

______ C:\Program Files\Java\jre6\bin\jusched.exe (2100)

______ C:\WINDOWS\system32\ctfmon.exe (2132)

______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (2148)

______ C:\WINDOWS\system32\sistray.exe (2216)

______ C:\Program Files\Logitech\Video\FxSvr2.exe (2568)

______ C:\Program Files\Mozilla Firefox\firefox.exe (3524)

______ C:\Documents and Settings\robert\My Documents\Downloads\Rooter.exe (3456)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:160031015424)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\SA.DAT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 20:40.35

.

C:\Rooter$\Rooter_1.txt - (09/08/2009 | 20:40.35)

Files Infected:

C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/09 20:41

Program Version: Version 1.3.3.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF501B000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xFB0D5000 Size: 8192 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xF43C4000 Size: 49152 File Visible: No Signed: -

Status: -

Name: sjglhuoq.sys

Image Path: sjglhuoq.sys

Address: 0xFAB91000 Size: 61440 File Visible: No Signed: -

Status: -

SSDT

-------------------

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf51250b0

==EOF==

OTL logfile created on: 09/08/2009 20:47:17 - Run 1

OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\robert\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

190.73 Mb Total Physical Memory | 38.93 Mb Available Physical Memory | 20.41% Memory free

477.15 Mb Paging File | 87.84 Mb Available in Paging File | 18.41% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 133.82 Gb Free Space | 89.79% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SN047570920348

Current User Name: robert

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)

PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.)

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)

PRC - c:\APPS\HIDSERVICE\HIDSERVICE.exe ()

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\System32\slserv.exe ( )

PRC - C:\WINDOWS\System32\PAStiSvc.exe ()

PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)

PRC - C:\apps\ABoard\ABoard.exe (NEC Computers International)

PRC - C:\apps\ABoard\AOSD.exe (NEC Computers International)

PRC - C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)

PRC - C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)

PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\WINDOWS\System32\sistray.exe (Silicon Integrated Systems Corporation)

PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Labtec Inc.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\robert\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (CLCapSvc [Auto | Running]) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CLSched [Auto | Running]) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

SRV - (CyberLink Media Library Service [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (GenericHidService [Auto | Running]) -- c:\APPS\HIDSERVICE\HIDSERVICE.exe ()

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)

SRV - (SLService [Auto | Running]) -- C:\WINDOWS\System32\slserv.exe ( )

SRV - (STI Simulator [Auto | Running]) -- C:\WINDOWS\System32\PAStiSvc.exe ()

SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (AliIde [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (asc [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (dac2w2k [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys ( )

DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys ( )

DRV - (NtMtlFax [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys ( )

DRV - (PAC207 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pfc027.sys ()

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVCD.sys (Labtec Inc.)

DRV - (ql1080 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (RecAgent [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp [system | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSRaid [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys (Silicon Integrated Systems)

DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys ( )

DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys ( )

DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Vireo Software)

DRV - (Sparrow [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (symc810 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_hi [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (ultra [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A DA 2A A9 37 18 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/04 23:56:34 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 15:58:37 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 23:45:44 | 00,000,000 | ---D | M]

[2009/08/08 15:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\mozilla\Extensions

[2009/08/08 15:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/08 15:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\mozilla\Firefox\Profiles\2nusflcq.default\extensions

[2009/08/09 20:23:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/08 15:56:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/08 23:45:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/07/31 00:39:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/31 00:39:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/07/31 00:39:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/07/30 23:24:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2009/07/31 00:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/30 23:24:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2009/07/31 00:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/30 23:24:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2009/07/31 00:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/31 00:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/07/30 23:24:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (318425 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {17360AB9-DC99-0A86-9D8A-9C39F14ECBD0} - C:\DOCUME~1\jack\APPLIC~1\FILMBU~1\Platform 4.exe File not found

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe (NEC Computers International)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)

O4 - HKLM..\Run: [broadbandadvisor.exe] C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)

O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.DLL (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [type play htm bird] C:\Documents and Settings\All Users\Application Data\showwaytypeplay\Dash Grey.exe File not found

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\System32\sistray.exe (Silicon Integrated Systems Corporation)

O4 - Startup: C:\Documents and Settings\robert\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/09 20:40:35 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/08/09 18:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\Malwarebytes

[2009/08/09 18:59:16 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/09 18:59:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/09 18:59:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/09 18:59:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/08/09 18:59:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/09 18:54:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/09 18:46:44 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\robert\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/09 18:46:26 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\NTREGOPT.lnk

[2009/08/09 18:46:26 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\ERUNT.lnk

[2009/08/09 18:46:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/08/09 14:25:00 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\HijackThis.lnk

[2009/08/09 14:24:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/08/09 00:46:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/08/09 00:45:52 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/08/09 00:45:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/08/09 00:45:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\SUPERAntiSpyware.com

[2009/08/09 00:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/08/08 23:45:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/08 23:45:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/08 23:45:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/08 19:23:19 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/08/08 19:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/08/08 16:38:00 | 00,000,106 | ---- | C] () -- C:\delete.bat

[2009/08/08 16:16:48 | 00,000,000 | ---D | C] -- C:\NoLopBackups

[2009/08/08 16:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\My Documents\Downloads

[2009/08/08 15:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Local Settings\Application Data\Mozilla

[2009/08/08 15:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\Mozilla

[2009/08/08 15:56:14 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/08/08 15:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/08/08 14:55:46 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

[2009/08/08 14:51:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/08/07 22:42:49 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

[2009/08/07 22:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/08/07 22:19:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/08/07 22:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\AVG8

[2009/07/15 22:38:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/07/15 17:40:51 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/07/15 17:40:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/06/10 03:09:31 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/04/21 23:36:30 | 00,017,191 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/11/05 18:11:52 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2007/07/20 21:41:21 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI

[2007/07/20 21:31:03 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Ulead32.ini

[2007/01/26 23:41:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2006/04/21 23:54:53 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys

[2006/03/25 23:09:36 | 00,000,463 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini

[2006/03/13 20:20:33 | 00,000,070 | ---- | C] () -- C:\WINDOWS\8F44503F.ini

[2006/02/13 16:49:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/01/14 20:58:24 | 00,000,290 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2006/01/10 22:35:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/01/10 22:18:08 | 00,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini

[2006/01/10 22:06:27 | 00,083,822 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2006/01/10 22:06:11 | 00,097,929 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2006/01/10 22:05:16 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2006/01/10 22:05:14 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006/01/10 21:57:38 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll

[2006/01/10 21:57:38 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll

[2006/01/10 21:57:38 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll

[2006/01/10 21:57:38 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

[2005/02/24 12:29:14 | 00,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys

[2005/01/25 15:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

[2004/09/07 19:49:32 | 00,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/10 18:13:32 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 17:38:23 | 00,000,817 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 17:38:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2004/06/23 14:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1980/01/01 01:00:00 | 01,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[1980/01/01 01:00:00 | 00,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys

[1980/01/01 01:00:00 | 00,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[1980/01/01 01:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll

[1980/01/01 01:00:00 | 00,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[1980/01/01 01:00:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

[1980/01/01 01:00:00 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[1980/01/01 01:00:00 | 00,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys

[1980/01/01 01:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== Files - Modified Within 30 Days ==========

[2009/08/09 20:10:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/09 20:09:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/09 20:09:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/09 20:09:17 | 20,006,9120 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/09 20:07:05 | 00,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/08/09 18:59:16 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/09 18:46:44 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\robert\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/09 18:46:26 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\NTREGOPT.lnk

[2009/08/09 18:46:26 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\ERUNT.lnk

[2009/08/09 14:25:03 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\HijackThis.lnk

[2009/08/09 00:45:52 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/08/08 16:38:01 | 00,000,106 | ---- | M] () -- C:\delete.bat

[2009/08/08 16:19:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/08/08 16:19:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/08/08 15:56:14 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/08/08 15:33:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/08/08 15:33:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/08/08 15:26:26 | 00,000,280 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/08/08 15:26:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/08/08 14:56:58 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/31 23:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/07/31 23:01:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/07/26 14:29:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/07/26 14:29:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/07/19 14:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/07/19 14:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2009/07/15 22:33:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/07/15 22:33:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/07/14 21:03:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/07/14 21:03:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2009/07/13 17:35:05 | 00,000,290 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2009/08/09 18:59:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2006/03/13 20:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blueyonder

[2006/10/29 14:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2009/08/07 22:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping

[2004/08/10 18:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2006/11/11 19:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\showwaytypeplay

[2008/05/02 15:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2006/01/10 22:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/08/08 19:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband

[2002/01/05 11:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2006/01/17 22:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2009/08/09 18:59:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\robert\Application Data

[2006/02/28 20:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\CyberLink

[2002/01/13 09:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\MSNInstaller

[2008/07/13 12:40:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Template

[2009/08/08 19:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Virgin Broadband

[2006/01/10 22:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\You've Got Pictures Screensaver

[2006/01/17 22:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Zylom

[2009/08/09 20:07:05 | 00,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2004/08/04 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/08/09 20:09:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >

[2009/08/09 20:13:39 | 00,000,000 | ---D | M] -- C:

[2009/08/09 12:55:17 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$

[2006/11/19 01:26:59 | 00,000,000 | ---D | M] -- C:\1ff0fa629997e3d5ebe17ff2138ad331

[2007/02/18 14:35:35 | 00,000,000 | ---D | M] -- C:\82bc21b50213486ee7ac61

[2007/03/21 12:57:47 | 00,000,000 | ---D | M] -- C:\85108b9cb6c0cf6a4e860097f8d7

[2006/12/09 12:38:06 | 00,000,000 | ---D | M] -- C:\a6c50bca84b8871a5c0d7c4fa36c93

[2006/01/10 22:29:55 | 00,000,000 | ---D | M] -- C:\APPS

[2006/01/10 22:13:53 | 00,000,000 | RHSD | M] -- C:\cmdcons

[2009/08/09 00:46:01 | 00,000,000 | -HSD | M] -- C:\Config.Msi

[2007/05/27 12:39:03 | 00,000,000 | ---D | M] -- C:\ConvertTemp

[2006/01/10 22:17:42 | 00,000,000 | -H-D | M] -- C:\DIVTOOLS

[2008/01/10 13:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings

[2006/01/10 23:51:39 | 00,000,000 | -HSD | M] -- C:\DRIVERS

[2007/07/12 08:07:27 | 00,000,000 | ---D | M] -- C:\f9e766ca629ee8423148

[2007/04/06 11:17:50 | 00,000,000 | -HSD | M] -- C:\found.000

[2008/02/17 11:22:14 | 00,000,000 | -HSD | M] -- C:\found.001

[2006/01/10 22:17:05 | 00,000,000 | ---D | M] -- C:\My Music

[2009/08/08 16:22:00 | 00,000,000 | ---D | M] -- C:\NoLopBackups

[2006/01/10 22:39:38 | 00,000,000 | -H-D | M] -- C:\PNP

[2009/08/09 18:59:07 | 00,000,000 | R--D | M] -- C:\Program Files

[2009/08/08 16:30:10 | 00,000,000 | -HSD | M] -- C:\RECYCLER

[2009/08/09 20:40:35 | 00,000,000 | ---D | M] -- C:\Rooter$

[2006/01/10 22:06:16 | 00,000,000 | ---D | M] -- C:\SiS VGA Utilities V3.65

[2006/01/10 23:50:40 | 00,000,000 | -HSD | M] -- C:\System Volume Information

[2009/08/09 18:54:00 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >

[2006/01/10 22:09:42 | 00,000,210 | RHS- | M] () -- C:\BOOT.BAK

[2006/01/10 23:52:18 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI

[2004/08/04 15:00:00 | 00,260,272 | RHS- | M] () -- C:\cmldr

[2009/08/08 16:38:01 | 00,000,106 | ---- | M] () -- C:\delete.bat

[2006/01/10 22:52:58 | 00,005,365 | ---- | M] () -- C:\DWNLOG.TXT

[2006/06/25 20:31:11 | 00,000,047 | ---- | M] () -- C:\GESYSTEM.LOG

[2009/08/09 20:09:17 | 20,006,9120 | -HS- | M] () -- C:\hiberfil.sys

[2006/04/23 20:55:31 | 29,729,198 | ---- | M] () -- C:\hopelessrob.cm4

[2006/01/10 22:13:34 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/01/10 22:17:42 | 00,000,882 | -H-- | M] () -- C:\IPH.PH

[2006/01/10 22:52:58 | 00,005,365 | ---- | M] () -- C:\MCDLOG.TXT

[2006/06/25 20:31:10 | 00,000,047 | ---- | M] () -- C:\MEM.LOG

[2006/01/10 22:13:34 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/08/08 16:41:27 | 00,005,617 | ---- | M] () -- C:\NoLop.log

[2009/08/08 16:30:38 | 00,005,648 | ---- | M] () -- C:\NoLopOLD.log

[2004/08/04 15:00:00 | 00,047,564 | ---- | M] () -- C:\NTDETECT.COM

[2008/08/19 13:58:23 | 00,250,048 | ---- | M] () -- C:\NTLDR

[2009/08/09 20:41:35 | 31,677,6448 | -HS- | M] () -- C:\pagefile.sys

[2009/08/09 20:41:38 | 00,002,026 | ---- | M] () -- C:\RootRepeal report 08-09-09 (20-41-38).txt

[2009/07/15 22:33:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/07/26 14:29:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/07/31 23:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/08/08 15:26:26 | 00,000,280 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/08/08 15:33:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/08/08 16:19:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/05/04 22:14:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2009/05/05 12:21:52 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm

[2009/05/05 12:26:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm

[2009/05/05 12:29:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/05/22 11:27:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2009/06/12 15:48:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm

[2009/06/12 16:12:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm

[2009/06/12 23:05:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm

[2009/06/13 21:16:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2009/06/14 12:13:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm

[2009/06/14 12:46:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm

[2009/06/14 12:49:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm

[2009/06/14 12:54:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm

[2009/07/14 21:03:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/07/15 22:33:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/07/26 14:29:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/07/31 23:01:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/08/08 15:26:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/08/08 15:33:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/08/08 16:19:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/05/04 22:14:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009/05/05 12:21:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2009/05/05 12:26:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2009/05/05 12:29:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/05/22 11:27:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2009/06/12 15:48:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2009/06/12 16:12:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2009/06/12 23:05:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2009/06/13 21:16:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2009/06/14 12:13:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2009/06/14 12:46:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2009/06/14 12:49:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2009/06/14 12:54:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2009/07/14 21:03:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2006/01/10 22:52:58 | 00,000,000 | ---- | M] () -- C:\UPDFLOP.TAG

< %PROGRAMFILES%\*. >

[2009/08/09 18:59:07 | 00,000,000 | R--D | M] -- C:\Program Files

[2006/01/10 22:15:27 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2006/01/15 12:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\AOL 9.0

[2006/01/10 22:17:39 | 00,000,000 | ---D | M] -- C:\Program Files\AOL Companion

[2009/08/07 22:20:03 | 00,000,000 | ---D | M] -- C:\Program Files\AVG

[2006/01/10 22:05:18 | 00,000,000 | ---D | M] -- C:\Program Files\AvRack

[2008/04/17 16:54:01 | 00,000,000 | ---D | M] -- C:\Program Files\BingoLinerUK

[2007/07/17 13:38:26 | 00,000,000 | ---D | M] -- C:\Program Files\Bodog Poker

[2006/01/28 16:44:18 | 00,000,000 | ---D | M] -- C:\Program Files\Bullfrog

[2009/08/08 19:06:06 | 00,000,000 | ---D | M] -- C:\Program Files\CA

[2006/04/14 16:04:39 | 00,000,000 | ---D | M] -- C:\Program Files\Codemasters

[2009/08/09 00:43:33 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2009/08/08 19:02:49 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2006/01/10 22:24:29 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink

[2008/04/19 20:29:10 | 00,000,000 | ---D | M] -- C:\Program Files\DownloadManager

[2006/04/21 19:24:33 | 00,000,000 | ---D | M] -- C:\Program Files\Eidos Interactive

[2009/08/09 18:46:44 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT

[2006/11/18 18:32:38 | 00,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade

[2008/04/29 15:44:02 | 00,000,000 | ---D | M] -- C:\Program Files\Google

[2006/02/13 17:16:16 | 00,000,000 | ---D | M] -- C:\Program Files\iMeshBar

[2008/05/02 21:07:11 | 00,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information

[2009/08/08 15:03:18 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2009/08/08 23:45:06 | 00,000,000 | ---D | M] -- C:\Program Files\Java

[2006/01/10 22:17:30 | 00,000,000 | ---D | M] -- C:\Program Files\Learn2.com

[2007/07/19 12:15:01 | 00,000,000 | ---D | M] -- C:\Program Files\Logitech

[2009/08/09 18:59:22 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2006/10/28 18:09:46 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis

[2008/08/19 14:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger

[2008/09/13 23:36:55 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2004/08/10 17:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2006/01/10 22:27:59 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2007/07/20 21:20:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mingjong

[2008/08/19 14:06:26 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2009/08/09 20:13:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2002/01/13 09:38:43 | 00,000,000 | ---D | M] -- C:\Program Files\MSN

[2006/01/13 17:00:04 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Apps

[2006/11/18 18:31:18 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Games

[2004/08/10 17:54:32 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2006/11/19 01:26:56 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2008/08/19 14:02:18 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2004/08/10 17:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services

[2008/08/19 14:02:12 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2007/05/04 22:56:25 | 00,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger

[2007/07/20 21:19:24 | 00,000,000 | ---D | M] -- C:\Program Files\PC Camera

[2002/01/13 09:39:47 | 00,000,000 | ---D | M] -- C:\Program Files\Real

[2006/01/10 22:05:18 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager

[2006/01/10 22:29:00 | 00,000,000 | ---D | M] -- C:\Program Files\Sonic

[2006/02/13 16:42:30 | 00,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson

[2007/08/18 19:47:41 | 00,000,000 | ---D | M] -- C:\Program Files\Sports Interactive

[2009/08/09 18:36:14 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy

[2009/08/09 00:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware

[2009/08/09 14:24:47 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro

[2008/05/02 16:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\Ulead Systems

[2004/08/10 18:04:40 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2006/04/21 23:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\Vg

[2006/01/10 22:17:29 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint

[2009/08/08 19:06:09 | 00,000,000 | ---D | M] -- C:\Program Files\Virgin Broadband

[2008/09/14 20:04:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live

[2008/09/14 20:05:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites

[2008/09/14 20:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar

[2007/07/20 21:20:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components

[2002/01/05 11:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2008/08/19 14:02:12 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2004/08/10 17:57:02 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2006/11/27 18:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\WordBiz

[2004/08/10 17:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

[2007/07/19 12:09:59 | 00,000,000 | ---D | M] -- C:\Program Files\Zylom Games

< %systemroot%\*.exe >

[2004/09/01 21:04:00 | 00,139,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe

[2004/11/05 17:29:00 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe

[2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2008/04/14 01:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe

[2004/11/24 15:05:54 | 00,032,768 | ---- | M] () -- C:\WINDOWS\InstFunc.exe

[1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2008/04/14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

[2008/04/14 01:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe

[2003/07/02 18:03:48 | 00,024,576 | ---- | M] () -- C:\WINDOWS\slrundll.exe

[2003/07/02 18:44:48 | 00,061,440 | ---- | M] () -- C:\WINDOWS\SmCfg.exe

[2005/01/20 21:04:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2004/08/04 15:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE

[2004/08/04 15:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe

[2004/08/04 15:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe

[2004/08/04 15:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe

[2008/04/14 01:12:39 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

[2008/04/27 15:04:10 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\drivers\*.dat >

[2005/03/17 16:35:52 | 00,001,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\alcxinit.dat

< %systemroot%\system\*.exe >

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >

[2004/08/10 17:47:10 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\robert\Application Data\desktop.ini

[2006/07/10 19:41:30 | 01,414,801 | ---- | M] () -- C:\Documents and Settings\robert\Application Data\Install.dat

< set /c >

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\robert\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=SN047570920348

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\robert

LOGONSERVER=\\SN047570920348

MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Crash Reports

MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe

MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Samsung\Samsung PC Studio 3\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\robert\LOCALS~1\Temp

TMP=C:\DOCUME~1\robert\LOCALS~1\Temp

USERDOMAIN=SN047570920348

USERNAME=robert

USERPROFILE=C:\Documents and Settings\robert

windir=C:\WINDOWS

< End of report >

OTL Extras logfile created on: 09/08/2009 20:47:17 - Run 1

OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\robert\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

190.73 Mb Total Physical Memory | 38.93 Mb Available Physical Memory | 20.41% Memory free

477.15 Mb Paging File | 87.84 Mb Available in Paging File | 18.41% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 133.82 Gb Free Space | 89.79% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SN047570920348

Current User Name: robert

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.hta [@ = htafile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)

"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA -- File not found

"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA -- File not found

"C:\Program Files\iMesh\iMesh5\iMesh.exe" = C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5 -- File not found

"C:\Program Files\p2pnetworks\p2pnetworks.exe" =

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\BingoLinerUK\LinerUK.exe" = C:\Program Files\BingoLinerUK\LinerUK.exe:*:Enabled:BingoLiner UK -- (Leap Frog Gaming)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)

"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition

"{10C1A383-5FB9-4868-859C-E64F6822E9C8}" = Sony Ericsson Mobile Phone Monitor

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15

"{2F84AD97-6952-4801-A20B-7C8DD1E9A301}" = CapMan

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0

"{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Labtec WebCam Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE

"{ECF6CB25-95A7-403F-89C2-F72E44EFE0CB}" = PC Suite

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ERUNT_is1" = ERUNT 1.1j

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus

"Lexmark Z600 Series" = Lexmark Z600 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QcDrv" = Labtec® Camera Driver

"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.14

"SiS VGA Driver" = SiS VGA Utilities

"Ulead COOL 360 1.0" = Ulead COOL 360 1.0

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 31/07/2009 16:22:19 | Computer Name = SN047570920348 | Source = SecurityCenter | ID = 1802

Description = The Windows Security Center Service was unable to establish event

queries with WMI to monitor third party AntiVirus and Firewall.

Error - 31/07/2009 16:22:20 | Computer Name = SN047570920348 | Source = Application Error | ID = 1000

Description = Faulting application bleh dale.exe, version 0.0.0.0, faulting module

unknown, version 0.0.0.0, fault address 0x00000000.

Error - 31/07/2009 16:23:47 | Computer Name = SN047570920348 | Source = Application Error | ID = 1000

Description = Faulting application msnmsgr.exe, version 8.5.1302.1018, faulting

module msidcrl40.dll, version 4.100.313.1, fault address 0x00084c40.

Error - 08/08/2009 09:42:43 | Computer Name = SN047570920348 | Source = Application Hang | ID = 1002

Description = Hanging application RPS.exe, version 6.0.1.22212, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 08/08/2009 10:28:18 | Computer Name = SN047570920348 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/08/2009 11:34:43 | Computer Name = SN047570920348 | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.1.3497, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 08/08/2009 11:53:22 | Computer Name = SN047570920348 | Source = Application Error | ID = 1000

Description = Faulting application avgcsrvx.exe, version 8.5.0.401, faulting module

ntdll.dll, version 5.1.2600.5755, fault address 0x00011836.

Error - 08/08/2009 14:01:21 | Computer Name = SN047570920348 | Source = WinMgmt | ID = 24

Description = Event provider attempted to register query "SELECT * FROM PDEvent"

whose target class "PDEvent" does not exist. The query will be ignored.

Error - 08/08/2009 14:22:16 | Computer Name = SN047570920348 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 08/08/2009 14:22:16 | Computer Name = SN047570920348 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

[ System Events ]

Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The CyberLink Task Scheduler (CTS) service terminated unexpectedly.

It has done this 1 time(s).

Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The CyberLink Media Library Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The Generic Service for HID Keyboard Input Collections service terminated

unexpectedly. It has done this 1 time(s).

Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The SmartLinkService service terminated unexpectedly. It has done

this 1 time(s).

Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The STI Simulator service terminated unexpectedly. It has done this

1 time(s).

Error - 09/08/2009 13:49:31 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034

Description = The Windows User Mode Driver Framework service terminated unexpectedly.

It has done this 1 time(s).

Error - 09/08/2009 13:52:40 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7000

Description = The Security Services Driver (x86) service failed to start due to

the following error: %%2

Error - 09/08/2009 15:09:38 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7000

Description = The Security Services Driver (x86) service failed to start due to

the following error: %%2

Error - 09/08/2009 15:09:40 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

ViaIde

< End of report >

Thanks for any help you can provide. Aside from any outstanding malware/viruses etc., if there are any useless programs installed (or processes etc.) that I can get rid of, I would love to know, because his system has started to run faster with some of the junk gone but it's still not great.

Thanks again

Steve

EDIT : Sorry I forgot to mention 2 things.

Firstly, one of his sons had downloaded 'limewire', which might be where all the malware/viruses were coming from - I've deleted it and checked for other p2p programs but can't see any (if there is something listed above it's because I haven't seen it, but I will gladly delete anything else - his sons won't be downloading p2p things again).

Second, when I ran OTL and closed it I realised there was an option for 'All Users'. I hadn't clicked this because I was following the directions for 'How To Post An OTL Log' to the letter. There are 3 user accounts on this computer - my friend and his two sons - and I'm not sure if this will affect the information you get from the report or not.

Thanks

Edited by StevieG

hi

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/08/07 22:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
    [2006/11/11 19:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\showwaytypeplay
    [2007/04/06 11:17:50 | 00,000,000 | -HSD | M] -- C:\found.000
    [2008/02/17 11:22:14 | 00,000,000 | -HSD | M] -- C:\found.001
    [2009/08/08 16:22:00 | 00,000,000 | ---D | M] -- C:\NoLopBackups
    [2009/08/08 16:41:27 | 00,005,617 | ---- | M] () -- C:\NoLop.log
    [2009/08/08 16:30:38 | 00,005,648 | ---- | M] () -- C:\NoLopOLD.log

    :Services
    sjglhuoq.sys


    :Reg

    :Files
    C:\sjglhuoq.sys /s
    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
