Click.GiftLoad and other problems
celticbhoy
2011-04-18, 22:42
Hi there, I hope someone can help me?
Spybot has found the Click.GiftLoad issue, which reoccurs every time I restart my system.
This results in tabs appearing while using IE or Firefox, and links being redirected when I click on them.
I also had the rogue programme XP AntiSpyware 2011 appear a few days ago, which stopped me from opening Firefox, but not IE, and kept appearing warning me that I had many viruses etc....
This XP AntiSpyware 2011 programme now seems to have disappeared from view, but now I can hardly open any programs, including Spybot, Firefox and AVG amongst others, as it states when I try to open them: "Windows cannot open the specified device, path or file. You may not have the appropriate permissions to access the file." As far as I know, I have the only profile set up and am the administrator.
I tried to run the ERUNT programme, but got the same message as above ("Windows cannot open etc...").
I did manage to run DDS though - here are the details. I hope I've done them correctly; I'm not that sure what I'm doing....
Thanks in advance, Matt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 20:12:55.07 on 18/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.462 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Matthew Reid\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NPSStartup]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AMService] c:\windows\temp\eiva\setup.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119718089968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221673065921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxp://www.jessopsphotoexpress.com/wpp/jessopsphotoexpress/app/opcuploader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\matthe~1\applic~1\mozilla\firefox\profiles\paalu15a.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\matthew reid\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-29 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-29 243024]
R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-6-6 532224]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-8 238952]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);c:\windows\system32\drivers\Amps2prt.sys [2001-10-19 9056]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-8 36608]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-20 30576]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-10-22 27632]
S1 RapportKELL;RapportKELL;\??\c:\program files\trusteer\rapport\bin\rapportkell.sys --> c:\program files\trusteer\rapport\bin\RapportKELL.sys [?]
S2 AMService;AMService;c:\windows\temp\eiva\setup.exe run --> c:\windows\temp\eiva\setup.exe run [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-10-22 13224]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-2-6 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-2-6 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-2-6 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-2-6 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-2-6 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-2-6 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-2-6 123504]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-2-6 155344]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-1-8 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-1-8 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-1-8 123648]
.
=============== Created Last 30 ================
.
2011-04-18 19:04:46 -------- d--h--w- c:\windows\PIF
2011-04-15 20:24:45 327680 --sha-w- c:\docume~1\matthe~1\locals~1\applic~1\syc.exe
2011-04-15 20:24:42 327680 --sha-w- c:\docume~1\matthe~1\locals~1\applic~1\qkf.exe
2011-04-14 17:11:55 -------- d-----w- c:\docume~1\matthe~1\locals~1\applic~1\Trusteer
2011-03-31 13:36:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-31 13:36:20 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-31 13:36:20 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-31 13:36:20 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-31 13:36:20 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-31 13:36:20 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-31 13:36:20 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-31 13:36:20 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-31 08:33:12 -------- d-----w- c:\docume~1\matthe~1\applic~1\Malwarebytes
2011-03-31 08:30:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 08:30:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-31 08:30:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 08:30:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 20:07:40 0 ----a-w- c:\windows\Oqagafuzac.bin
2011-03-28 20:07:38 -------- d-----w- c:\docume~1\matthe~1\locals~1\applic~1\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}
2011-03-28 19:48:54 -------- d-----w- c:\docume~1\matthe~1\applic~1\89731C4B3CC7F4B153DC37B49D04CC5B
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST316002 rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87058439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8705e7d0]; MOV EAX, [0x8705e84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87081358]
3 CLASSPNP[0xF7612FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x870154A0]
\Driver\iaStor[0x8707E730] -> IRP_MJ_CREATE -> 0x87058439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST3160023AS_____________________________8.12____#4&244ba08&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312499998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:15:48.07 ===============
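As an added illustration (not part of this thread, and not code from DDS, Spybot or TDSSKiller), the script below reads DDS-style log lines like the ones posted above and flags two patterns a helper looks for first: autostart or service entries whose image lives under a temp directory (the `AMService` entries pointing at `c:\windows\temp\eiva\setup.exe`), and recently created executables carrying the system+hidden attributes inside a user profile (the `--sha-w-` files `syc.exe` and `qkf.exe`). The sample lines are copied from the log above; the rule names, the temp-directory list and the attribute reading are assumptions of the example, not anything DDS defines.

```python
"""Flag common hijack indicators in DDS-style log lines.

Added example: the rules are general defender heuristics, not part of DDS.
Sample lines are copied from the DDS log posted in the thread above.
"""
import re
from dataclasses import dataclass

# Autostart keys as DDS labels them: uRun (current user), mRun (machine),
# dRun (default user profile). The bracketed value name is followed by the path.
RUN_RE = re.compile(r'^(?P<key>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<path>.*)$', re.I)
# Service/driver lines: "R2 name;display name;image path [...]" (R = running, S = stopped).
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$')
# "Created Last 30" entries: date time size attribute-flags path
CREATED_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+'
    r'(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$')

# Assumed locations: legitimate autostarts and services do not run from here.
TEMP_DIRS = ('\\windows\\temp\\', '\\local settings\\temp\\', '\\locals~1\\temp\\')
USER_PROFILE_DIRS = ('\\docume~1\\', '\\documents and settings\\')

SAMPLE_DDS_LINES = [
    # copied from the posted DDS log
    r'mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe',
    r'mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"',
    r'dRun: [AMService] c:\windows\temp\eiva\setup.exe',
    r'R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]',
    r'S2 AMService;AMService;c:\windows\temp\eiva\setup.exe run --> c:\windows\temp\eiva\setup.exe run [?]',
    r'2011-04-18 19:04:46 -------- d--h--w- c:\windows\PIF',
    r'2011-04-15 20:24:45 327680 --sha-w- c:\docume~1\matthe~1\locals~1\applic~1\syc.exe',
    r'2011-04-15 20:24:42 327680 --sha-w- c:\docume~1\matthe~1\locals~1\applic~1\qkf.exe',
    r'2011-03-31 13:36:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll',
]


@dataclass
class Finding:
    rule: str
    line: str


def _image_path(raw: str) -> str:
    """Normalise a DDS path field: drop quotes, case, and the '--> resolved [?]' suffix."""
    path = raw.strip().strip('"').lower()
    return path.split(' --> ')[0]


def is_temp_path(path: str) -> bool:
    """True when the (lower-cased) image path sits under a known temp directory."""
    return any(t in path.lower() for t in TEMP_DIRS)


def scan_dds_lines(lines):
    """Return a Finding for every line that matches one of the heuristics."""
    findings = []
    for raw in lines:
        line = raw.rstrip('\n')
        m = RUN_RE.match(line)
        if m and is_temp_path(_image_path(m.group('path'))):
            findings.append(Finding('autorun-from-temp', line))
            continue
        m = SVC_RE.match(line)
        if m and is_temp_path(_image_path(m.group('path'))):
            findings.append(Finding('service-from-temp', line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group('attrs'), m.group('path').lower()
            # DDS prints the attribute column as a flag string; 's' = system, 'h' = hidden.
            hidden_system = 's' in attrs and 'h' in attrs
            if (path.endswith(('.exe', '.dll', '.sys')) and hidden_system
                    and any(u in path for u in USER_PROFILE_DIRS)):
                findings.append(Finding('hidden-system-exe-in-profile', line))
    return findings


if __name__ == '__main__':
    for f in scan_dds_lines(SAMPLE_DDS_LINES):
        print(f'[{f.rule}] {f.line}')
```

Run against the full posted log instead of the embedded sample (`scan_dds_lines(open('dds.txt'))`), the same four lines are the ones the helper's reply acts on; everything under Program Files and System32 passes untouched.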
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
You're infected with a ROOTKIT.
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
celticbhoy
2011-04-21, 09:18
Hi Ken
Thank you very much for trying to solve this problem for me.
Here are the scan results
2011/04/21 07:07:47.0843 1372 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/21 07:07:49.0843 1372 ================================================================================
2011/04/21 07:07:49.0843 1372 SystemInfo:
2011/04/21 07:07:49.0843 1372
2011/04/21 07:07:49.0843 1372 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/21 07:07:49.0843 1372 Product type: Workstation
2011/04/21 07:07:49.0843 1372 ComputerName: MATTHEWREID
2011/04/21 07:07:49.0843 1372 UserName: Matthew Reid
2011/04/21 07:07:49.0843 1372 Windows directory: C:\WINDOWS
2011/04/21 07:07:49.0843 1372 System windows directory: C:\WINDOWS
2011/04/21 07:07:49.0843 1372 Processor architecture: Intel x86
2011/04/21 07:07:49.0843 1372 Number of processors: 2
2011/04/21 07:07:49.0843 1372 Page size: 0x1000
2011/04/21 07:07:49.0843 1372 Boot type: Normal boot
2011/04/21 07:07:49.0843 1372 ================================================================================
2011/04/21 07:07:56.0828 1372 Initialize success
2011/04/21 07:08:10.0656 1676 ================================================================================
2011/04/21 07:08:10.0656 1676 Scan started
2011/04/21 07:08:10.0656 1676 Mode: Manual;
2011/04/21 07:08:10.0656 1676 ================================================================================
2011/04/21 07:08:16.0437 1676 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/21 07:08:16.0578 1676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/21 07:08:16.0734 1676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/21 07:08:16.0781 1676 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/21 07:08:16.0859 1676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/21 07:08:16.0968 1676 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/21 07:08:17.0171 1676 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/21 07:08:17.0234 1676 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/21 07:08:17.0296 1676 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/21 07:08:17.0390 1676 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/21 07:08:17.0500 1676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/21 07:08:17.0578 1676 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/21 07:08:17.0812 1676 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/21 07:08:17.0968 1676 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/21 07:08:18.0312 1676 Amps2prt (537c6c32ea891fed3ff7eb1e05a4ff03) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
2011/04/21 07:08:18.0734 1676 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/21 07:08:18.0984 1676 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/21 07:08:19.0125 1676 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/21 07:08:19.0218 1676 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/21 07:08:19.0578 1676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/21 07:08:19.0765 1676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/21 07:08:19.0890 1676 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/21 07:08:20.0015 1676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/21 07:08:20.0109 1676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/21 07:08:20.0187 1676 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/04/21 07:08:20.0296 1676 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/04/21 07:08:20.0375 1676 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/04/21 07:08:20.0468 1676 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/21 07:08:20.0562 1676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/21 07:08:20.0687 1676 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/21 07:08:20.0750 1676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/21 07:08:20.0812 1676 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/21 07:08:20.0890 1676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/21 07:08:20.0968 1676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/21 07:08:21.0046 1676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/21 07:08:21.0109 1676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/21 07:08:21.0234 1676 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/21 07:08:21.0296 1676 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/21 07:08:21.0390 1676 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/21 07:08:21.0437 1676 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/21 07:08:21.0515 1676 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
2011/04/21 07:08:21.0656 1676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/21 07:08:21.0718 1676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/21 07:08:21.0843 1676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/21 07:08:21.0921 1676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/21 07:08:22.0015 1676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/21 07:08:22.0109 1676 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/21 07:08:22.0171 1676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/21 07:08:22.0453 1676 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/04/21 07:08:22.0625 1676 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/04/21 07:08:22.0718 1676 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/21 07:08:22.0843 1676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/21 07:08:22.0921 1676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/21 07:08:23.0000 1676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/21 07:08:23.0046 1676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/21 07:08:23.0140 1676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/21 07:08:23.0250 1676 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/04/21 07:08:23.0328 1676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/21 07:08:23.0390 1676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/21 07:08:23.0515 1676 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/21 07:08:23.0609 1676 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
2011/04/21 07:08:23.0671 1676 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
2011/04/21 07:08:23.0734 1676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/21 07:08:23.0843 1676 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/21 07:08:23.0921 1676 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/21 07:08:23.0984 1676 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/21 07:08:24.0078 1676 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/21 07:08:24.0156 1676 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/21 07:08:24.0250 1676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/21 07:08:24.0343 1676 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/21 07:08:24.0390 1676 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/21 07:08:24.0500 1676 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/21 07:08:24.0593 1676 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
2011/04/21 07:08:24.0656 1676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/21 07:08:24.0750 1676 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/21 07:08:24.0812 1676 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/21 07:08:24.0906 1676 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/21 07:08:24.0953 1676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/21 07:08:25.0015 1676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/21 07:08:25.0078 1676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/21 07:08:25.0140 1676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/21 07:08:25.0250 1676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/21 07:08:25.0328 1676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/21 07:08:25.0437 1676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/21 07:08:25.0546 1676 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/21 07:08:25.0625 1676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/21 07:08:25.0671 1676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/21 07:08:25.0781 1676 lanusb (73f6efd2a2315af34f7872559686c471) C:\WINDOWS\system32\DRIVERS\glausb.sys
2011/04/21 07:08:25.0921 1676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/21 07:08:26.0015 1676 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/21 07:08:26.0109 1676 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/21 07:08:26.0312 1676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/21 07:08:26.0390 1676 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/21 07:08:26.0500 1676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/21 07:08:26.0609 1676 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/21 07:08:27.0562 1676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/21 07:08:28.0203 1676 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
2011/04/21 07:08:28.0390 1676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/21 07:08:28.0546 1676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/21 07:08:28.0906 1676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/21 07:08:29.0265 1676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/21 07:08:29.0468 1676 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/21 07:08:29.0843 1676 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/21 07:08:29.0968 1676 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/21 07:08:30.0203 1676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/21 07:08:30.0265 1676 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/21 07:08:30.0343 1676 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/21 07:08:30.0421 1676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/21 07:08:30.0500 1676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/21 07:08:30.0609 1676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/21 07:08:30.0734 1676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/21 07:08:30.0812 1676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/21 07:08:30.0953 1676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/21 07:08:31.0093 1676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/21 07:08:31.0203 1676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/21 07:08:31.0312 1676 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/21 07:08:31.0437 1676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/21 07:08:31.0500 1676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/21 07:08:31.0562 1676 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/04/21 07:08:31.0718 1676 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/21 07:08:31.0796 1676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/21 07:08:31.0875 1676 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/21 07:08:31.0937 1676 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/21 07:08:32.0031 1676 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/21 07:08:32.0078 1676 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/21 07:08:32.0156 1676 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/21 07:08:32.0312 1676 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/21 07:08:32.0343 1676 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/21 07:08:32.0515 1676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/21 07:08:32.0640 1676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/21 07:08:32.0687 1676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/21 07:08:32.0750 1676 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/21 07:08:32.0859 1676 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/21 07:08:32.0890 1676 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/21 07:08:32.0968 1676 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/21 07:08:33.0000 1676 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/21 07:08:33.0078 1676 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/21 07:08:33.0296 1676 RapportCerberus_25973 (3d80f6fb972cffab9a760892f9ab7232) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys
2011/04/21 07:08:33.0437 1676 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/04/21 07:08:34.0062 1676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/21 07:08:34.0203 1676 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/21 07:08:34.0296 1676 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/21 07:08:34.0359 1676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/21 07:08:34.0437 1676 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/21 07:08:34.0500 1676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/21 07:08:34.0609 1676 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/21 07:08:34.0734 1676 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/21 07:08:34.0812 1676 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/21 07:08:34.0921 1676 s1039bus (d0eedc88876b20d42157cdcca3e647f3) C:\WINDOWS\system32\DRIVERS\s1039bus.sys
2011/04/21 07:08:34.0984 1676 s1039mdfl (7b35091a7bb597c86262c589b0b57d06) C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys
2011/04/21 07:08:35.0046 1676 s1039mdm (4cb1ab13c9813cbf3e4c6406f8043ec2) C:\WINDOWS\system32\DRIVERS\s1039mdm.sys
2011/04/21 07:08:35.0125 1676 s1039mgmt (2649ca09585a7531126dcc116ad1f88c) C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys
2011/04/21 07:08:35.0171 1676 s1039nd5 (6d3f549efd6daedd7d12f3de2175053f) C:\WINDOWS\system32\DRIVERS\s1039nd5.sys
2011/04/21 07:08:35.0218 1676 s1039obex (305e3e3aca0037af2e2c1b50a383c91b) C:\WINDOWS\system32\DRIVERS\s1039obex.sys
2011/04/21 07:08:35.0265 1676 s1039unic (7dd02a58277c84c043442561589914f4) C:\WINDOWS\system32\DRIVERS\s1039unic.sys
2011/04/21 07:08:35.0343 1676 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
2011/04/21 07:08:35.0421 1676 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
2011/04/21 07:08:35.0515 1676 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
2011/04/21 07:08:35.0593 1676 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
2011/04/21 07:08:35.0671 1676 se27nd5 (bb30139683bbf3ee89ec931393d9335c) C:\WINDOWS\system32\DRIVERS\se27nd5.sys
2011/04/21 07:08:35.0750 1676 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys
2011/04/21 07:08:35.0828 1676 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys
2011/04/21 07:08:35.0906 1676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/21 07:08:36.0000 1676 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2011/04/21 07:08:36.0171 1676 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/04/21 07:08:36.0265 1676 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/21 07:08:36.0359 1676 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/21 07:08:36.0453 1676 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/21 07:08:36.0578 1676 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/21 07:08:36.0671 1676 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/21 07:08:36.0765 1676 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/04/21 07:08:36.0843 1676 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/21 07:08:36.0953 1676 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/21 07:08:37.0015 1676 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/21 07:08:37.0203 1676 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/21 07:08:37.0281 1676 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/04/21 07:08:37.0375 1676 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/04/21 07:08:37.0468 1676 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2011/04/21 07:08:37.0531 1676 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2011/04/21 07:08:37.0593 1676 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2011/04/21 07:08:37.0671 1676 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/21 07:08:37.0781 1676 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/21 07:08:37.0828 1676 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/21 07:08:38.0437 1676 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/21 07:08:38.0593 1676 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/21 07:08:38.0625 1676 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/21 07:08:38.0687 1676 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/21 07:08:38.0765 1676 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/21 07:08:38.0859 1676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/21 07:08:38.0937 1676 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/21 07:08:39.0031 1676 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/21 07:08:39.0093 1676 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/21 07:08:39.0187 1676 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/04/21 07:08:39.0265 1676 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/04/21 07:08:39.0359 1676 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/04/21 07:08:39.0437 1676 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/04/21 07:08:39.0515 1676 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/04/21 07:08:39.0593 1676 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/04/21 07:08:39.0656 1676 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/04/21 07:08:39.0734 1676 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/04/21 07:08:39.0828 1676 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/04/21 07:08:39.0968 1676 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/21 07:08:40.0046 1676 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/21 07:08:40.0125 1676 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/21 07:08:40.0203 1676 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/21 07:08:40.0312 1676 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/21 07:08:40.0468 1676 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/21 07:08:40.0515 1676 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/21 07:08:40.0609 1676 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/21 07:08:40.0671 1676 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/21 07:08:40.0796 1676 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/21 07:08:40.0875 1676 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/21 07:08:40.0937 1676 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/21 07:08:41.0015 1676 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/21 07:08:41.0078 1676 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/21 07:08:41.0171 1676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/21 07:08:41.0250 1676 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/21 07:08:41.0296 1676 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/21 07:08:41.0359 1676 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/21 07:08:41.0484 1676 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/04/21 07:08:41.0718 1676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/21 07:08:41.0812 1676 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/04/21 07:08:41.0906 1676 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/21 07:08:41.0984 1676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/21 07:08:42.0187 1676 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/21 07:08:42.0281 1676 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/21 07:08:42.0343 1676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/21 07:08:42.0406 1676 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/21 07:08:42.0515 1676 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/21 07:08:42.0546 1676 ================================================================================
2011/04/21 07:08:42.0546 1676 Scan finished
2011/04/21 07:08:42.0546 1676 ================================================================================
2011/04/21 07:08:42.0578 0508 Detected object count: 1
2011/04/21 07:09:05.0593 0508 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/21 07:09:05.0593 0508 \HardDisk0 - ok
2011/04/21 07:09:05.0593 0508 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/21 07:10:27.0218 2364 Deinitialize success
You're doing fine. Make sure you have rebooted your system after running TDSSKiller for it to remove the rootkit.
This garbage always brings more. Let's do this.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
celticbhoy
2011-04-21, 13:04
Thanks for your quick reply Ken.
Yes, I rebooted after running TDSSKiller.exe
I've downloaded and done what you asked with ATF Cleaner. I had already downloaded Malwarebytes in the last few weeks, but did so again from the locations you asked me to.
I thought I should mention, when I downloaded TDSSKiller, a Windows box asked me what program I'd like it to open with. I renamed it with a .com extension to get it to run. I've also had to do that with ATF and Malwarebytes in order that they would run, is that ok?
Also, prior to these infections, the PC loaded with AVG and ZoneAlarm icons in the bottom right hand corner; this has stopped happening.
Thanks again for all your help.
Here is the log file from Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6412
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/04/2011 11:01:28
mbam-log-2011-04-21 (11-01-28).txt
Scan type: Quick scan
Objects scanned: 162587
Time elapsed: 8 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\qkf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\qkf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\qkf.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\qkf.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\matthew reid\local settings\Temp\jar_cache9002807091834287814.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
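The Malwarebytes log above shows why the poster had to rename every tool to .com before it would run: the wrapper qkf.exe had been spliced into HKCR\exefile\shell\open\command (and into the browsers' StartMenuInternet launch commands), so every .exe launch went through it first. The following script is an added example, not part of this thread or of any tool mentioned in it. It re-audits exactly the registry locations flagged in that log and, with -Repair, puts back the stock values. The stock command "%1" %* and the wrapper form "<wrapper>" -a "<real exe>" are taken from the Bad:/Good: pairs in the log; the function name, the -Repair switch and the leaf-name comparison are this example's own design.

```powershell
# Added example (not from the original thread): re-check the handlers that
# Malwarebytes flagged above and optionally restore them.
# Run from an elevated PowerShell session AFTER the wrapper has been removed:
# while the hijack is in place, powershell.exe itself launches through it.

function Test-ExeAssociation {
    [CmdletBinding()]
    param([switch]$Repair)

    $findings = @()
    $stock = '"%1" %*'   # Good: value for exefile\shell\open\command in the log

    # 1. Extension -> ProgID mapping and the ProgID's open command.
    $map = @{ '.exe' = 'exefile'; '.com' = 'comfile' }
    foreach ($pair in $map.GetEnumerator()) {
        $ext    = $pair.Key
        $progId = $pair.Value
        $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"

        $mapped = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
        if ($mapped -ne $progId) {
            $findings += "$ext maps to '$mapped' instead of '$progId'"
            if ($Repair) { Set-ItemProperty -Path $extKey -Name '(default)' -Value $progId }
        }

        # A shell\ subkey directly under the extension key (the Hijack.ExeFile
        # line in the log) is never legitimate; launches go via the ProgID only.
        if (Test-Path -Path "$extKey\shell") {
            $findings += "$ext carries its own shell\ subkey (Hijack.ExeFile pattern)"
            if ($Repair) { Remove-Item -Path "$extKey\shell" -Recurse -Force }
        }

        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -ne $stock) {
            $findings += "$progId open command is '$cmd', expected $stock"
            if ($Repair) { Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $stock }
        }
    }

    # 2. StartMenuInternet clients: the key name is the browser binary
    #    (FIREFOX.EXE, IEXPLORE.EXE), so the first executable on the command
    #    line must have that same file name. Anything else is a wrapper.
    $base = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet'
    foreach ($client in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        foreach ($verb in 'open', 'safemode') {
            $k   = "Registry::$($client.Name)\shell\$verb\command"
            $cmd = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }                 # IE has no safemode verb
            $first = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            if ((Split-Path -Leaf $first) -ne $client.PSChildName) {
                $findings += "$($client.PSChildName)\$verb launches '$first' (wrapper)"
                # Log shows the form  "<wrapper>" -a "<browser>" <args>; keep the tail.
                if ($Repair -and $cmd -match '^"[^"]+"\s+-a\s+(.*)$') {
                    Set-ItemProperty -Path $k -Name '(default)' -Value $Matches[1]
                }
            }
        }
    }

    # 3. Security Center notification switches (PUM.Disabled.SecurityCenter):
    #    1 silences the AV / firewall / updates warnings; stock value is 0.
    $sc = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
    foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
        $v = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
        if ($v -eq 1) {
            $findings += "Security Center\$name = 1 (alerts silenced)"
            if ($Repair) { Set-ItemProperty -Path $sc -Name $name -Value 0 }
        }
    }

    return $findings
}

# Usage: report first, repair only once you agree with every finding.
$bad = Test-ExeAssociation
if ($bad) { $bad | ForEach-Object { Write-Warning $_ } } else { 'Associations look clean.' }
# Test-ExeAssociation -Repair
```

Two caveats. On the Windows XP system in this thread PowerShell is not installed by default (Windows PowerShell 2.0 is a separate download), so on such a box the same checks can be done by hand with regedit against the paths above. And because the hijack interposes on every .exe launch, an audit run while the wrapper is still present tells you nothing trustworthy; run it after the quarantine step the log above shows, or from Safe Mode, and rerun it after each reboot while the rootkit cleanup is still in progress, since a surviving loader can re-apply the same keys.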
Most of the scans we run that generate a report will open in Notepad. For the next report that opens in Notepad, go to FORMAT > UNCHECK WORDWRAP, or else I won't be able to view your log correctly.
Try running this program,
Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
celticbhoy
2011-04-21, 17:04
Hi Ken
I've unchecked the wordwrap box in Notepad, hope that works better now.
Just to mention, my AVG and ZoneAlarm icons came back after I rebooted having run ATF and Malwarebytes earlier.
Here is the log from exehelper
exeHelper by Raktor
Build 20100414
Run at 14:30:05 on 04/21/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
I downloaded ComboFix and then disabled ZoneAlarm firewall and AVG Free antivirus.
Unfortunately ComboFix won't run unless I uninstall AVG completely. I tried to do this but the uninstall fails due to an error and produced the report I have attached; I've attached it as it seems very wide and thought it would be difficult to view.
I tried to uninstall it via the AVG icon in the program list and via add/remove programs with the same result.
Many thanks again for all your help
celticbhoy
2011-04-21, 17:10
Whoops, forgot to attach the file.
I've just tried to do this but it seems to be 6.77mb in size, and it's in Notepad format, shall I go ahead and upload it?
Thanks
Matt
My bad on AVG, yep, CF won't run unless AVG is uninstalled. Let's do this instead. If OTL shows a lot of bad stuff then we can work on uninstalling AVG, but let's forget about it for the time being.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
celticbhoy
2011-04-21, 17:20
No problem
Here is the otl.txt log
OTL logfile created on: 21/04/2011 15:13:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matthew Reid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,022.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.19 Gb Total Space | 58.12 Gb Free Space | 39.75% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 180.43 Gb Free Space | 77.47% Space Free | Partition Type: NTFS
Computer Name: MATTHEWREID | User Name: Matthew Reid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\SYSTEM32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (AMService) -- File not found
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FsUsbExService) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe (Teruten)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
========== Driver Services (SafeList) ==========
DRV - (RapportCerberus_25973) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys (Trusteer Ltd.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (seehcri) -- C:\WINDOWS\SYSTEM32\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\SYSTEM32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys ()
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\SYSTEM32\DRIVERS\nx6000.sys (Microsoft Corporation)
DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ss_bmdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039obex.sys (MCCI Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039mdfl.sys (MCCI Corporation)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\SYSTEM32\DRIVERS\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27bus.sys (MCCI)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (lanusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\glausb.sys (GlobespanVirata Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys (Service & Quality Technology.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Amps2prt) Trust Ami PS/2 Port Mouse Driver (6) -- C:\WINDOWS\SYSTEM32\DRIVERS\Amps2prt.sys ((Standard Mouse Types))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9
FF - prefs.js..extensions.enabledItems: {64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 09:29:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}: C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F} [2011/03/28 21:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 14:36:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 14:36:18 | 000,000,000 | ---D | M]
[2009/01/18 10:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Extensions
[2009/01/18 10:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/03/31 14:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions
[2010/07/27 12:43:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 09:37:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/21 10:22:18 | 000,000,000 | ---D | M] ("TurnTool Viewer") -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions\turntoolviewer@turntool.com
[2011/03/31 14:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW REID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PAALU15A.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011/03/28 21:07:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MATTHEW REID\LOCAL SETTINGS\APPLICATION DATA\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}
[2009/03/10 09:20:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab (PhotoBox uploader)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119718089968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221673065921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.jessopsphotoexpress.com/wpp/jessopsphotoexpress/app/opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7fdf85f9-e544-11dd-b8cc-5050506f4531}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/21 15:11:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe
[2011/04/21 14:36:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/21 10:45:24 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matthew Reid\Desktop\mbam-setup.com
[2011/04/21 10:24:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Matthew Reid\Desktop\random1.com
[2011/04/21 07:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\tdsskiller
[2011/04/18 20:04:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/18 19:55:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Matthew Reid\Desktop\erunt-setup.exe
[2011/04/18 18:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\Disney 2010 1
[2011/04/15 15:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/14 18:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\Trusteer
[2011/04/14 09:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/14 09:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/13 18:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/31 09:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Application Data\Malwarebytes
[2011/03/31 09:30:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/31 09:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/31 09:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/31 09:30:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/31 09:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/29 08:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/28 21:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/28 21:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/28 21:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/28 21:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/28 21:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}
[2011/03/28 20:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Application Data\89731C4B3CC7F4B153DC37B49D04CC5B
[2011/03/28 20:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\Episode1-TicklingTheIvories
[2007/03/24 23:35:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matthew Reid\Application Data\pcouffin.sys
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/21 15:11:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe
[2011/04/21 14:31:40 | 004,325,821 | R--- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\ComboFix.exe
[2011/04/21 14:29:43 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\exeHelper.com
[2011/04/21 14:26:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/21 14:26:08 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 14:25:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/21 14:25:23 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 10:48:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 10:47:18 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matthew Reid\Desktop\mbam-setup.com
[2011/04/21 10:26:18 | 074,931,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/21 10:24:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Matthew Reid\Desktop\random1.com
[2011/04/21 10:20:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 07:02:10 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\tdsskiller.zip
[2011/04/21 06:52:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/18 20:37:05 | 000,004,390 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\Attach.zip
[2011/04/18 19:57:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\dds.com
[2011/04/18 19:55:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Matthew Reid\Desktop\erunt-setup.exe
[2011/04/17 12:31:16 | 000,015,458 | -HS- | M] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\419159016
[2011/04/17 12:31:16 | 000,015,458 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\419159016
[2011/04/16 12:56:19 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/04/15 14:01:52 | 006,918,144 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\My Documents\My Money.mny
[2011/04/15 14:01:48 | 006,920,214 | R--- | M] () -- C:\Documents and Settings\Matthew Reid\My Documents\My Money Backup.mbf
[2011/04/14 15:21:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/02 08:56:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\Microsoft Office Word 2003 (2).lnk
[2011/03/31 14:36:26 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 14:36:26 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/31 13:28:42 | 000,001,298 | ---- | M] () -- C:\WINDOWS\Disney.ini
[2011/03/31 13:28:00 | 000,000,543 | ---- | M] () -- C:\WINDOWS\AppRun.ini
[2011/03/30 12:00:40 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/30 08:56:16 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Otukabafit.dat
[2011/03/30 08:56:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Oqagafuzac.bin
[2011/03/28 20:03:25 | 000,043,146 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\Episode1-TicklingTheIvories.zip
[2011/03/27 10:13:32 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/03/27 10:13:32 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/21 14:31:31 | 004,325,821 | R--- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\ComboFix.exe
[2011/04/21 14:29:43 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\exeHelper.com
[2011/04/21 10:48:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 07:02:06 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\tdsskiller.zip
[2011/04/18 20:37:05 | 000,004,390 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\Attach.zip
[2011/04/18 19:57:14 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\dds.com
[2011/04/16 13:10:30 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/15 21:24:51 | 000,015,458 | -HS- | C] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\419159016
[2011/04/15 21:24:51 | 000,015,458 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\419159016
[2011/04/14 18:29:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 14:36:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/30 12:00:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/28 21:07:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Otukabafit.dat
[2011/03/28 21:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Oqagafuzac.bin
[2011/03/28 20:03:24 | 000,043,146 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\Episode1-TicklingTheIvories.zip
[2011/01/08 11:37:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/08 11:37:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/08 11:36:44 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\$_hpcst$.hpc
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/12/20 12:00:38 | 003,750,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 18:05:59 | 000,155,841 | ---- | C] () -- C:\WINDOWS\hpwins12.dat
[2010/03/03 18:05:19 | 000,009,847 | ---- | C] () -- C:\WINDOWS\hpwscr12.dat
[2010/03/03 18:05:18 | 000,000,981 | ---- | C] () -- C:\WINDOWS\hpwmdl12.dat
[2010/02/14 14:05:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Matthew Reid.ini
[2009/12/28 15:10:34 | 000,051,360 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/14 18:12:31 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2009/03/14 14:53:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/14 14:53:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/14 14:53:49 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2008/08/31 07:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/11 10:01:19 | 000,000,063 | ---- | C] () -- C:\WINDOWS\ae2ks2mad.ini
[2008/08/11 10:00:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/04/01 19:02:51 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2007/04/01 19:02:50 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2007/04/01 19:02:50 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/04/01 19:02:50 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2007/04/01 19:02:50 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2007/04/01 19:02:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/27 08:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/24 23:35:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\ezpinst.exe
[2007/03/24 23:35:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\pcouffin.inf
[2007/03/24 23:35:47 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\pcouffin.cat
[2007/02/16 09:36:58 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2007/02/16 09:36:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2007/02/16 09:36:57 | 000,017,020 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/12/26 15:40:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/12/26 15:39:44 | 000,000,383 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/12/12 17:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/07/15 10:22:13 | 000,000,055 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/06/11 12:05:48 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/06/06 21:16:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/06/06 21:16:37 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/05/01 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/02/12 20:19:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/12/27 14:09:51 | 000,000,361 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/12/07 20:36:44 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/20 11:14:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/17 23:52:17 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/14 11:19:37 | 000,001,298 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/08/14 10:24:49 | 000,002,146 | ---- | C] () -- C:\WINDOWS\RDL4.DAT
[2005/08/14 10:23:35 | 000,000,123 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/07/03 14:18:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/06/30 21:28:35 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/06/25 16:03:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/06/25 15:56:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2005/06/25 15:56:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2005/06/25 15:56:41 | 000,000,543 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/06/25 15:55:09 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2005/06/23 19:54:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2005/06/23 17:36:04 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/06/23 15:46:58 | 000,000,201 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2005/06/19 21:14:33 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/16 20:44:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\fusioncache.dat
[2005/06/12 16:34:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/12 16:15:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/06/12 16:14:46 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/06/12 16:14:46 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/06/12 16:00:22 | 000,000,379 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 14:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/10 13:13:12 | 000,000,881 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:08:08 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 10:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/15 13:07:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Amoucplx.dll
[2001/11/15 12:45:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2001/11/15 12:45:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\Amsample.dll
[2001/06/14 16:40:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Amhooker.dll
[2000/12/13 15:10:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Amoures.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
========== LOP Check ==========
[2011/04/21 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 15:27:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/11/11 21:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HMV
[2007/12/27 23:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/12/12 10:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/09/25 15:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2011/01/08 11:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/11/18 19:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp
[2009/01/18 10:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/27 16:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/04/12 09:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/21 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/29 16:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/04 07:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/08/15 21:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\3M
[2011/03/30 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\89731C4B3CC7F4B153DC37B49D04CC5B
[2010/09/25 14:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\AddressBar
[2009/05/19 17:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Amazon
[2010/02/15 12:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Facebook
[2005/11/17 20:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\HMV
[2005/06/15 09:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Leadertech
[2007/03/24 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\LEAPS
[2007/03/24 19:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Licence Folder Install
[2009/10/27 21:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Paltalk
[2007/03/24 19:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Pegasys Inc
[2008/02/03 13:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\PPMate
[2007/05/11 06:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\ppstream
[2011/01/08 11:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Samsung
[2006/08/28 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Snapfish
[2011/02/02 16:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Sony
[2011/03/13 14:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Sony Media Software and Services Inc
[2010/10/03 12:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Spotify
[2008/02/26 20:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Teleca
[2005/06/16 13:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Template
[2009/01/18 10:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\TomTom
[2009/08/27 16:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Trusteer
[2007/07/16 21:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\uTorrent(2)
[2007/07/16 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\uTorrent(3)
[2007/07/19 21:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\uTorrent(4)
[2007/07/18 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\uTorrent(5)
[2007/07/19 21:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\uTorrent(6)
[2008/09/08 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Viewpoint
[2007/03/28 08:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Reid\Application Data\Vso
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Matthew Reid\Desktop\avg9inst.log:SummaryInformation
< End of report >
celticbhoy
2011-04-21, 17:21
And here is the extras.txt log :thanks:
OTL Extras logfile created on: 21/04/2011 15:13:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matthew Reid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,022.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.19 Gb Total Space | 58.12 Gb Free Space | 39.75% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 180.43 Gb Free Space | 77.47% Space Free | Partition Type: NTFS
Computer Name: MATTHEWREID | User Name: Matthew Reid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.0\aol.exe (America Online, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (America Online, Inc.)
https [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (America Online, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE PHOTO SHOW] -- "C:\Program Files\Jessops Photo\Jessops Photo\CEWE PHOTO SHOW.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Jessops] -- "C:\Program Files\jessops\Jessops\Jessops.exe" "%1" ()
Directory [Jessops Photo] -- "C:\Program Files\Jessops Photo\Jessops Photo\Jessops Photo.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
"C:\Program Files\Common Files\AOL\1171476281\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1171476281\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Documents and Settings\Matthew Reid\Desktop\spotify.exe" = C:\Documents and Settings\Matthew Reid\Desktop\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive
"C:\Program Files\PPLive\PPTV\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU
"C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive
"C:\Program Files\PPLive\PPVA\PPLiveVA.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA
"C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA
"C:\Program Files\PPLive\PPVA\FlvPick.exe" = C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick
"C:\Program Files\PPLive\PPVA\crashreporter.exe" = C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload
"C:\Program Files\PPLive\PPVA\PPVADownload.exe" = C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download
"C:\Program Files\PPLive\PPVA\DownloadProgress.exe" = C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\muzapp.exe" = C:\WINDOWS\SYSTEM32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BC4864E-72C5-472D-8692-0E5971E0BD36}" = BPDSoftware_Ini
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10829556-7C82-4a83-8C81-F2D98472C76B}" = H470
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A15F754-086E-4185-96F4-0BC31F1A2382}" = HP Officejet H470 Series
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6673E0F4-D376-431b-A6F4-18D1B86B4A89}" = BPDSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B349DE1-590D-4506-B272-9115EC31F7D2}" = 470_Help
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BA72A4E3-D2D0-4203-A17E-E53012B8807C}" = BPD_HPSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE5F0136-2C7C-42a7-B1B0-5F12D107A0EE}" = ProductContext
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.123
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEF19B15-9DC0-FBCF-4728-AE02501CAD62}" = Media Go Video Playback Engine 1.48.101.10090
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040201.2 uk)
"aoluk.MCCInstall" = AOL Broadband Check-Up
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.3
"AVG9Uninstall" = AVG Free 9.0
"BT Voyager 105 ADSL Modem" = BT Voyager 105 ADSL Modem
"BT Voyager Modem AOL Test" = BT Voyager Modem AOL Test
"DellSupport" = Dell Support 5.0.0 (630)
"Disney's Princess Fashion Boutique" = Disney's Princess Fashion Boutique
"DivX Content Uploader" = DivX Content Uploader
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"FileZilla" = FileZilla (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"Jessops" = Jessops
"Jessops Photo" = Jessops Photo
"Kodak Picture CD Volume 2 Issue 1" = Kodak Picture CD Volume 2 Issue 1
"KODAK Picture CD Volume 2 Issue 3-International English" = KODAK Picture CD Volume 2 Issue 3-International English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Rapport_msi" = Rapport
"rdl4_32.exe" = Reading Development Library 4
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"Spotify" = Spotify
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WheelMouse" = Trust Ami Mouse 250S Cordless
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18/04/2011 12:29:15 | Computer Name = MATTHEWREID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 18/04/2011 15:16:53 | Computer Name = MATTHEWREID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 18/04/2011 15:43:21 | Computer Name = MATTHEWREID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 18/04/2011 15:43:22 | Computer Name = MATTHEWREID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 19/04/2011 06:48:11 | Computer Name = MATTHEWREID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 19/04/2011 06:48:12 | Computer Name = MATTHEWREID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 21/04/2011 05:28:11 | Computer Name = MATTHEWREID | Source = ESENT | ID = 490
Description = svchost (1088) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 21/04/2011 05:28:11 | Computer Name = MATTHEWREID | Source = ESENT | ID = 439
Description = Catalog Database (1088) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error
-1032.
Error - 21/04/2011 05:28:11 | Computer Name = MATTHEWREID | Source = ESENT | ID = 473
Description = Catalog Database (1088) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.
Error - 21/04/2011 09:57:37 | Computer Name = MATTHEWREID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 21/04/2011 01:35:55 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2
Error - 21/04/2011 01:37:19 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.
Error - 21/04/2011 02:12:38 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2
Error - 21/04/2011 02:14:00 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.
Error - 21/04/2011 05:20:16 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2
Error - 21/04/2011 06:07:24 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.
Error - 21/04/2011 06:07:24 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053
Error - 21/04/2011 06:07:24 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2
Error - 21/04/2011 06:07:29 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
Error - 21/04/2011 09:26:13 | Computer Name = MATTHEWREID | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2
< End of report >
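Two sections of that Extras log carry most of the security signal for the symptoms described in the first post: "Shell Spawning" (here exefile, comfile, batfile, cmdfile and piffile all still run `"%1" %*`, which is Windows' default, so the executable association is not what is blocking programs from opening at this point) and "Security Center Settings" (AntiVirusOverride and FirewallOverride are both 1). The following is an added example, not code from OTL or from anyone in this thread, that reads those two sections out of an Extras log and flags the entries a helper would look at first. The sample log is a constructed excerpt of the one above, the "hijacked" variant is constructed to show what a bad exefile handler looks like, and the list of Security Center values treated as suspect is an assumption of this example: AVG and ZoneAlarm legitimately set some of them, so hits are leads to confirm, not verdicts.

```python
"""Audit the 'Shell Spawning' and 'Security Center Settings' sections of an
OTL Extras log. Added example for this thread; not OTL's own code.
"""
import re

# Handlers whose shell\open\command Windows sets to "%1" %* by default.
DEFAULT_RUN_HANDLERS = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
DEFAULT_COMMAND = '"%1" %*'

# Security Center values a rogue AV commonly flips so Windows stops warning
# that protection is off (assumption of this example). Legitimate AV and
# firewall suites set some of these too, so treat hits as leads, not verdicts.
SUSPECT_SC_VALUES = {
    "AntiVirusDisableNotify": "1",
    "FirewallDisableNotify": "1",
    "UpdatesDisableNotify": "1",
    "AntiVirusOverride": "1",
    "FirewallOverride": "1",
}

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
SPAWN_RE = re.compile(r"^(\w+) \[([^\]]+)\] -- (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.+)$')


def split_sections(text):
    """Map each '========== name ==========' header to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def audit_shell_spawning(lines):
    """Return (handler, verb, command) for run handlers not at the default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        handler, verb, command = m.groups()
        if handler in DEFAULT_RUN_HANDLERS and verb == "open" and command != DEFAULT_COMMAND:
            findings.append((handler, verb, command))
    return findings


def audit_security_center(lines):
    """Return Security Center values set to the 'stop warning me' state."""
    findings = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m and SUSPECT_SC_VALUES.get(m.group(1)) == m.group(2):
            findings.append((m.group(1), m.group(2)))
    return findings


def audit(text):
    """Run both checks over a whole Extras log and return the findings."""
    s = split_sections(text)
    return {
        "shell": audit_shell_spawning(s.get("Shell Spawning", [])),
        "security_center": audit_security_center(s.get("Security Center Settings", [])),
    }


# Constructed excerpt of the clean Extras log posted in this thread.
CLEAN_LOG = """\
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"""

# Constructed variant (not from the thread): every .exe is routed through a
# helper binary before it runs, which is what a hijacked handler looks like.
HIJACKED_LOG = CLEAN_LOG.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\helper.exe" /START "%1" %*',
)

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        print(name, audit(log))
```

On the real log above, `audit()` reports nothing under "shell" and two Security Center hits (AntiVirusOverride, FirewallOverride); with AVG and ZoneAlarm installed those two are expected, which is why the helper moved on to the O3 toolbar entries rather than the associations.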
Just see a few things to remove related to Norton Anti Virus, but before we proceed I need you to check this file.
You need to enable Windows to show all files and folders; instructions here (http://www.bleepingcomputer.com/tutorials/tutorial62.html).
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.
C:\WINDOWS\Oqagafuzac.bin <-- This file
If the site is busy you can try this one:
http://virusscan.jotti.org/en
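Before uploading a suspect file anywhere, it is worth sizing and hashing it locally: a scanner can report on a digest it already knows without the sample being sent, and a zero-byte file (which is what this one turns out to be a few posts down) hashes to the well-known empty SHA-256 and cannot be scanned at all. The following is an added example, not code from the thread, from OTL or from VirusTotal; the sample files are constructed in a temporary directory so it runs offline, and the advice strings are this example's own wording.

```python
"""Local triage of a suspect file: size, SHA-256, and whether it is worth
uploading. Added example for this thread; not part of any scanner's tooling.
"""
import hashlib
import os
import tempfile

# SHA-256 of zero bytes. Every empty file hashes to this, so a scanner can
# say nothing useful about it (Jotti's "the file is empty" below).
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def sha256_of(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large samples never load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(path):
    """Describe the file and say whether uploading it makes sense.

    Checking the scanner for the digest first is the cheaper path: if it
    already knows the hash you get the existing report without sending
    the sample; if the file is empty there is nothing to send.
    """
    size = os.path.getsize(path)
    digest = sha256_of(path)
    if size == 0:
        advice = "empty file: nothing to scan, treat as a leftover"
    else:
        advice = "look the SHA-256 up first, upload only if unknown"
    return {
        "path": path,
        "size": size,
        "sha256": digest,
        "is_empty": digest == EMPTY_SHA256,
        "advice": advice,
    }


def make_sample(content):
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


def remove_sample(path):
    """Delete a file created by make_sample()."""
    os.remove(path)


if __name__ == "__main__":
    # Constructed inputs: an empty file (like the one in this thread) and a
    # three-byte file, to show the two different verdicts.
    for data in (b"", b"abc"):
        p = make_sample(data)
        print(triage(p))
        remove_sample(p)
```

Point `triage()` at `C:\WINDOWS\Oqagafuzac.bin` on the affected machine and the `is_empty` flag is the answer to "am I looking at the wrong file"; a 0-byte file with the right name is the right file, it just has no content left to analyse.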
celticbhoy
2011-04-21, 18:46
I've submitted the file to Virus Total, sorry if I'm being a bit slow,
but where does the report show?
I have an icon named thumbs.db on the desktop I hadn't noticed
before, is that it?
Thanks
Matt
No, the report opens right on the VT site; then copy and paste it into the thread. If you're having problems with it, then try Jotti.
celticbhoy
2011-04-21, 19:25
Just tried Jotti, it says the file is empty.
On checking the file, it seems to be a VLC media player file, size 0 bytes?
Am I looking at the wrong file perhaps, although the name does match,
and it is in the Windows folder?
That's fine, thanks for checking.
This will remove some of the Symantec entries along with Click.GiftLoad.
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
:Services
:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top <-- not Run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time).
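What the fix above actually removes: four HKCU toolbar registrations whose CLSID does not resolve (OTL marks those "No CLSID value found", meaning nothing is registered under HKLM\SOFTWARE\Classes\CLSID for that GUID, so the entry is dead weight or the remains of something already gone), one odd `svchost.exe` value under FEATURE_BROWSER_EMULATION, and then a DNS cache flush plus a HOSTS reset, which is the standard answer when links are being redirected. The following is an added example, not OTL's code and not part of the thread, that implements two of those checks so they can be run against a log or a HOSTS file before deciding on a fix. The O3 lines are copied from the fix; the HOSTS content is constructed, and the list of "watched" domains is an assumption of this example (the Extras log does show crypt32 repeatedly failing to reach download.windowsupdate.com, but it does not say why).

```python
"""Two checks behind the OTL fix in this thread: orphaned O3 toolbar
registrations, and HOSTS entries beyond the Windows XP default.
Added example; not OTL's own code.
"""
import re

O3_RE = re.compile(r"^O3 - (\S+): \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def orphaned_toolbars(o3_lines):
    """Return (registry path, CLSID) for O3 lines OTL could not resolve.

    OTL appends 'No CLSID value found' when HKLM\\SOFTWARE\\Classes\\CLSID has
    no key for the toolbar's GUID: the HKCU reference points at nothing.
    """
    found = []
    for line in o3_lines:
        m = O3_RE.match(line.strip())
        if m and "No CLSID value found" in m.group(4):
            found.append((m.group(1), m.group(3)))
    return found


# Windows XP ships a HOSTS file whose only active mapping is this one.
DEFAULT_HOSTS = {("127.0.0.1", "localhost")}

# Domains worth a second look if HOSTS maps them anywhere (assumption of
# this example, chosen because update and AV sites are what redirectors
# like to block; the thread does not name any).
WATCHED_SUFFIXES = ("windowsupdate.com", "microsoft.com", "avg.com", "virustotal.com")


def nondefault_hosts(hosts_text):
    """Return (ip, hostname, watched) for every mapping beyond the default.

    Everything this returns is what OTL's [RESETHOSTS] would throw away.
    """
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            if (ip, name) in DEFAULT_HOSTS:
                continue
            watched = name.lower().endswith(WATCHED_SUFFIXES)
            findings.append((ip, name, watched))
    return findings


# O3 lines exactly as they appear in the fix in this thread.
O3_LINES = [
    "O3 - HKCU\\..\\Toolbar\\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.",
    "O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.",
    "O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.",
    "O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.",
]

# Constructed HOSTS content: the XP default plus two redirect-style entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.download.windowsupdate.com
198.51.100.7    www.virustotal.com
"""

if __name__ == "__main__":
    for path, clsid in orphaned_toolbars(O3_LINES):
        print("orphaned toolbar:", path, clsid)
    for ip, name, watched in nondefault_hosts(SAMPLE_HOSTS):
        print("hosts:", ip, name, "(update/AV domain)" if watched else "")
```

The orphan check is the one that justifies the `:OTL` block of the fix: deleting an HKCU toolbar value that has no CLSID behind it cannot break anything that still works. The HOSTS check is why `[RESETHOSTS]` is cheap insurance: on a default XP install the function should return an empty list, and anything else is something the user did not put there.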
celticbhoy
2011-04-21, 20:25
Thanks again Ken for being so helpful :bigthumb:
Here is the OTL log that came up when I rebooted
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matthew Reid\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matthew Reid\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 30018 bytes
User: Matthew Reid
->Temp folder emptied: 3011309426 bytes
->Temporary Internet Files folder emptied: 102441499 bytes
->Java cache emptied: 121566 bytes
->FireFox cache emptied: 76268736 bytes
->Flash cache emptied: 8888789 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 47054 bytes
User: Owner
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2519057 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84597136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 75481004 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7135582 bytes
Total Files Cleaned = 3,213.00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_181347
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF13D0.tmp not found!
File\Folder C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF13F8.tmp not found!
File\Folder C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF14A0.tmp not found!
File\Folder C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF14B7.tmp not found!
File\Folder C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF15E4.tmp not found!
File\Folder C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF15FD.tmp not found!
C:\Documents and Settings\Matthew Reid\Local Settings\Temp\~DF684D.tmp moved successfully.
C:\Documents and Settings\Matthew Reid\Local Settings\Temporary Internet Files\Content.IE5\307V7GQ5\showthread[2].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT04967.TMP not found!
Registry entries deleted on Reboot...
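The OTL reports traded in this thread (the fix-log tail just above and the full listings) use a small, stable set of line formats, which makes the helper's review easy to script. The Python below is an added example written for this page, not code from the original post, from OTL or from the forum's helpers. It does two things: it reconciles the [EMPTYTEMP] byte counters against OTL's own "Total Files Cleaned" line (which shows that OTL's "mb" is MiB, 1024*1024 bytes), and it applies the checks a helper runs over the file listings after a rogue-AV / click-redirector cleanup: hidden+system data files with purely numeric names under Application Data, GUID- or 32-hex-named folders created under Application Data, and company-less files dropped straight into %SystemRoot% inside the incident window. The sample lines are copied from the logs in this thread; the window start 2011/03/28 is an assumption taken from the earliest suspicious creation time in those listings, and the heuristic names and thresholds are mine, not OTL's.

```python
import re

# OTL fix-log counters, e.g. "->Temp folder emptied: 3011309426 bytes"
BYTES_RE = re.compile(r"(?:emptied|removed): (\d+) bytes\s*$")
TOTAL_RE = re.compile(r"Total Files Cleaned = ([\d,.]+) mb")
# OTL listing entries, e.g. "[2011/04/17 12:31:16 | 000,015,458 | -HS- | M] () -- C:\...\419159016"
# Some folder entries carry no "(company)" field at all, so that part is optional.
LISTING_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
HEX32_RE = re.compile(r"^[0-9A-F]{32}$", re.I)

# Non-zero counters copied from the [EMPTYTEMP] section of the fix log above.
FIX_LOG = r"""
->Temporary Internet Files folder emptied: 67 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 30018 bytes
->Temp folder emptied: 3011309426 bytes
->Temporary Internet Files folder emptied: 102441499 bytes
->Java cache emptied: 121566 bytes
->FireFox cache emptied: 76268736 bytes
->Flash cache emptied: 8888789 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 47054 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2519057 bytes
Windows Temp folder emptied: 84597136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 75481004 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7135582 bytes
Total Files Cleaned = 3,213.00 mb
""".strip().splitlines()

# Listing lines copied from the OTL reports in this thread; the last two are benign controls.
LISTING = r"""
[2011/04/17 12:31:16 | 000,015,458 | -HS- | M] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\419159016
[2011/04/15 21:24:51 | 000,015,458 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\419159016
[2011/03/28 21:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}
[2011/03/28 20:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Application Data\89731C4B3CC7F4B153DC37B49D04CC5B
[2011/03/28 21:07:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Otukabafit.dat
[2011/03/28 21:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Oqagafuzac.bin
[2010/03/03 18:05:59 | 000,155,841 | ---- | C] () -- C:\WINDOWS\hpwins12.dat
[2011/04/21 15:11:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe
""".strip().splitlines()


def reconcile_emptytemp(lines):
    """Sum the per-location counters and compare with OTL's own total line.
    OTL labels the total 'mb' but computes it in MiB (1024*1024 bytes)."""
    total_bytes, reported = 0, None
    for line in lines:
        if (m := BYTES_RE.search(line)):
            total_bytes += int(m.group(1))
        elif (m := TOTAL_RE.search(line)):
            reported = float(m.group(1).replace(",", ""))
    mib = round(total_bytes / (1024 * 1024), 2)
    return total_bytes, mib, reported, reported is not None and abs(mib - reported) < 0.5


def parse_listing(line):
    """Parse one OTL listing line into a dict; None for headers and other text."""
    m = LISTING_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    entry["parent"], _, entry["name"] = entry["path"].rpartition("\\")
    return entry


def triage(lines, since):
    """Heuristics (assumed, not OTL's) a helper applies to a listing after a rogue-AV /
    click-redirector infection; `since` (yyyy/mm/dd) opens the incident window.
    Returns [(path, reason)]; every hit is a lead to verify, not a verdict."""
    findings = []
    for line in lines:
        e = parse_listing(line)
        if e is None:
            continue
        attrs, name, parent = e["attrs"], e["name"], e["parent"].lower()
        is_dir, in_appdata = "D" in attrs, "application data" in parent
        if not is_dir and "H" in attrs and "S" in attrs and in_appdata and name.isdigit():
            findings.append((e["path"], "hidden+system file with a purely numeric name under Application Data"))
        elif is_dir and in_appdata and GUID_RE.match(name):
            findings.append((e["path"], "GUID-named folder created under a per-user Application Data path"))
        elif is_dir and in_appdata and HEX32_RE.match(name):
            findings.append((e["path"], "32-hex-character folder created under Application Data"))
        elif not is_dir and parent == r"c:\windows" and not e["company"] and e["date"] >= since:
            findings.append((e["path"], "company-less file dropped directly in %SystemRoot% inside the incident window"))
    return findings


if __name__ == "__main__":
    print("EMPTYTEMP bytes / MiB / reported / consistent:", reconcile_emptytemp(FIX_LOG))
    for path, reason in triage(LISTING, since="2011/03/28"):
        print(f"{reason}: {path}")
```

Run it as-is and the reconcile line comes out consistent (about 3.37 GB of temp data, the 3,213 MiB OTL reported), while the triage flags the two numeric hidden+system data files, the GUID and 32-hex folders and the two company-less files in C:\WINDOWS, and leaves the 2010-dated printer data file and OTL.exe alone. Legitimate software does create GUID-named folders under Application Data, so each hit still needs the helper's judgement; the script only makes sure nothing in a 400-line listing is skimmed past.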
celticbhoy
2011-04-21, 20:31
And here is the latest OTL log.... :)
OTL logfile created on: 21/04/2011 18:26:30 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matthew Reid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,022.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.19 Gb Total Space | 61.16 Gb Free Space | 41.83% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 180.43 Gb Free Space | 77.47% Space Free | Partition Type: NTFS
Computer Name: MATTHEWREID | User Name: Matthew Reid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\SYSTEM32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (AMService) -- File not found
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FsUsbExService) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe (Teruten)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
========== Driver Services (SafeList) ==========
DRV - (RapportCerberus_25973) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys (Trusteer Ltd.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (seehcri) -- C:\WINDOWS\SYSTEM32\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\SYSTEM32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys ()
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\SYSTEM32\DRIVERS\nx6000.sys (Microsoft Corporation)
DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ss_bmdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039obex.sys (MCCI Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\s1039mdfl.sys (MCCI Corporation)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\SYSTEM32\DRIVERS\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27bus.sys (MCCI)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (lanusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\glausb.sys (GlobespanVirata Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys (Service & Quality Technology.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Amps2prt) Trust Ami PS/2 Port Mouse Driver (6) -- C:\WINDOWS\SYSTEM32\DRIVERS\Amps2prt.sys ((Standard Mouse Types))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9
FF - prefs.js..extensions.enabledItems: {64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 09:29:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}: C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F} [2011/03/28 21:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 14:36:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 14:36:18 | 000,000,000 | ---D | M]
[2009/01/18 10:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Extensions
[2009/01/18 10:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/03/31 14:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions
[2010/07/27 12:43:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 09:37:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/21 10:22:18 | 000,000,000 | ---D | M] ("TurnTool Viewer") -- C:\Documents and Settings\Matthew Reid\Application Data\Mozilla\Firefox\Profiles\paalu15a.default\extensions\turntoolviewer@turntool.com
[2011/03/31 14:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW REID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PAALU15A.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011/03/28 21:07:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MATTHEW REID\LOCAL SETTINGS\APPLICATION DATA\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}
[2009/03/10 09:20:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/04/21 18:16:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab (PhotoBox uploader)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119718089968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221673065921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.jessopsphotoexpress.com/wpp/jessopsphotoexpress/app/opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7fdf85f9-e544-11dd-b8cc-5050506f4531}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/21 18:13:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/21 18:12:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/21 18:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\erunt
[2011/04/21 15:11:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe
[2011/04/21 14:36:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/21 10:45:24 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matthew Reid\Desktop\mbam-setup.com
[2011/04/21 10:24:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Matthew Reid\Desktop\random1.com
[2011/04/21 07:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\tdsskiller
[2011/04/18 20:04:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/18 19:55:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Matthew Reid\Desktop\erunt-setup.exe
[2011/04/18 18:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\Disney 2010 1
[2011/04/15 15:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/14 18:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\Trusteer
[2011/04/14 09:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/14 09:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/13 18:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/31 09:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Application Data\Malwarebytes
[2011/03/31 09:30:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/31 09:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/31 09:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/31 09:30:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/31 09:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/29 08:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/28 21:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/28 21:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/28 21:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/28 21:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/28 21:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\{64C4D745-A1D1-4BBB-9ED8-AE72E33EBF0F}
[2011/03/28 20:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Application Data\89731C4B3CC7F4B153DC37B49D04CC5B
[2011/03/28 20:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Reid\Desktop\Episode1-TicklingTheIvories
[2007/03/24 23:35:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matthew Reid\Application Data\pcouffin.sys
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
========== Files - Modified Within 30 Days ==========
[2011/04/21 18:22:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/21 18:21:28 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 18:21:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/21 18:21:09 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 18:20:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 18:16:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/04/21 18:09:57 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\erunt.zip
[2011/04/21 15:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/21 15:11:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Reid\Desktop\OTL.exe
[2011/04/21 14:31:40 | 004,325,821 | R--- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\ComboFix.exe
[2011/04/21 14:29:43 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\exeHelper.com
[2011/04/21 10:48:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 10:47:18 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matthew Reid\Desktop\mbam-setup.com
[2011/04/21 10:26:18 | 074,931,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/21 10:24:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Matthew Reid\Desktop\random1.com
[2011/04/21 07:02:10 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\tdsskiller.zip
[2011/04/21 06:52:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/18 20:37:05 | 000,004,390 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\Attach.zip
[2011/04/18 19:57:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\dds.com
[2011/04/18 19:55:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Matthew Reid\Desktop\erunt-setup.exe
[2011/04/17 12:31:16 | 000,015,458 | -HS- | M] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\419159016
[2011/04/17 12:31:16 | 000,015,458 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\419159016
[2011/04/16 12:56:19 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/04/15 14:01:52 | 006,918,144 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\My Documents\My Money.mny
[2011/04/15 14:01:48 | 006,920,214 | R--- | M] () -- C:\Documents and Settings\Matthew Reid\My Documents\My Money Backup.mbf
[2011/04/02 08:56:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\Microsoft Office Word 2003 (2).lnk
[2011/03/31 14:36:26 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 14:36:26 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/31 13:28:42 | 000,001,298 | ---- | M] () -- C:\WINDOWS\Disney.ini
[2011/03/31 13:28:00 | 000,000,543 | ---- | M] () -- C:\WINDOWS\AppRun.ini
[2011/03/30 12:00:40 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/30 08:56:16 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Otukabafit.dat
[2011/03/30 08:56:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Oqagafuzac.bin
[2011/03/28 20:03:25 | 000,043,146 | ---- | M] () -- C:\Documents and Settings\Matthew Reid\Desktop\Episode1-TicklingTheIvories.zip
[2011/03/27 10:13:32 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/03/27 10:13:32 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
========== Files Created - No Company Name ==========
[2011/04/21 18:09:55 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\erunt.zip
[2011/04/21 14:31:31 | 004,325,821 | R--- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\ComboFix.exe
[2011/04/21 14:29:43 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\exeHelper.com
[2011/04/21 10:48:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 07:02:06 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\tdsskiller.zip
[2011/04/18 20:37:05 | 000,004,390 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\Attach.zip
[2011/04/18 19:57:14 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\dds.com
[2011/04/16 13:10:30 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/15 21:24:51 | 000,015,458 | -HS- | C] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\419159016
[2011/04/15 21:24:51 | 000,015,458 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\419159016
[2011/04/14 18:29:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 14:36:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/30 12:00:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/28 21:07:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Otukabafit.dat
[2011/03/28 21:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Oqagafuzac.bin
[2011/03/28 20:03:24 | 000,043,146 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Desktop\Episode1-TicklingTheIvories.zip
[2011/01/08 11:37:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/08 11:37:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/08 11:36:44 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\$_hpcst$.hpc
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/12/20 12:00:38 | 003,750,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 18:05:59 | 000,155,841 | ---- | C] () -- C:\WINDOWS\hpwins12.dat
[2010/03/03 18:05:19 | 000,009,847 | ---- | C] () -- C:\WINDOWS\hpwscr12.dat
[2010/03/03 18:05:18 | 000,000,981 | ---- | C] () -- C:\WINDOWS\hpwmdl12.dat
[2010/02/14 14:05:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Matthew Reid.ini
[2009/12/28 15:10:34 | 000,051,360 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/14 18:12:31 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2009/03/14 14:53:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/14 14:53:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/14 14:53:49 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2008/08/31 07:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/11 10:01:19 | 000,000,063 | ---- | C] () -- C:\WINDOWS\ae2ks2mad.ini
[2008/08/11 10:00:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/04/01 19:02:51 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2007/04/01 19:02:50 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2007/04/01 19:02:50 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/04/01 19:02:50 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2007/04/01 19:02:50 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2007/04/01 19:02:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/27 08:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/24 23:35:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\ezpinst.exe
[2007/03/24 23:35:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\pcouffin.inf
[2007/03/24 23:35:47 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Application Data\pcouffin.cat
[2007/02/16 09:36:58 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2007/02/16 09:36:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2007/02/16 09:36:57 | 000,017,020 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/12/26 15:40:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/12/26 15:39:44 | 000,000,383 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/12/12 17:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/07/15 10:22:13 | 000,000,055 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/06/11 12:05:48 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/06/06 21:16:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/06/06 21:16:37 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/05/01 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/02/12 20:19:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/12/27 14:09:51 | 000,000,361 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/12/07 20:36:44 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/20 11:14:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/17 23:52:17 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/14 11:19:37 | 000,001,298 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/08/14 10:24:49 | 000,002,146 | ---- | C] () -- C:\WINDOWS\RDL4.DAT
[2005/08/14 10:23:35 | 000,000,123 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/07/03 14:18:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/06/30 21:28:35 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/06/25 16:03:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/06/25 15:56:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2005/06/25 15:56:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2005/06/25 15:56:41 | 000,000,543 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/06/25 15:55:09 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2005/06/23 19:54:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2005/06/23 17:36:04 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/06/23 15:46:58 | 000,000,201 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2005/06/19 21:14:33 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/16 20:44:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Matthew Reid\Local Settings\Application Data\fusioncache.dat
[2005/06/12 16:34:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/12 16:15:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/06/12 16:14:46 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/06/12 16:14:46 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/06/12 16:00:22 | 000,000,379 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 14:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/10 13:13:12 | 000,000,881 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:08:08 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 10:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/15 13:07:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Amoucplx.dll
[2001/11/15 12:45:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2001/11/15 12:45:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\Amsample.dll
[2001/06/14 16:40:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Amhooker.dll
[2000/12/13 15:10:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Amoures.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Matthew Reid\Desktop\avg9inst.log:SummaryInformation
< End of report >
Looking good, how are things running now ?
celticbhoy
2011-04-21, 20:57
Fine I think, been too scared to open anything though!!
Just tried to open a few programs that weren't working before,
and they are opening fine. :bigthumb:
Should I enable my AVG Anti virus again?
Is there anything else I could do to stop this happening again,
better anti virus etc???
Thanks so much again
Matt
Well, as far as Anti Virus goes, what one finds another may not, but AVG is free and it's fine, so if you like it go ahead and reinstall it.
Here are some links for info and some free tools to install to help keep you more secure.
Open OTL and click on CleanUp and it will remove the programs we have used and their backups from your system.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
celticbhoy
2011-04-21, 22:20
Everything seems to be working fine now Ken :thanks:
There is a file called thumbs.db left on the desktop, should I
just leave it there?
Thank you for all your help and the links you posted, I'll
make sure I have a read through them.
And I'll be sure to make a donation at the end of the month,
it's the least I can do for all your help.
Thanks again :thanks:
Yes, that file is safe to delete. If it won't delete because it's used by another program, just boot to Safe Mode to remove it.
Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 KEY somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safe Mode,
then press the Enter Key on your Keyboard.
Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
Thanks for your offer of a donation, all donations big or small just go for malware research and to help keep us online.
Take care,
Ken :)
celticbhoy
2011-04-23, 09:42
Hi Ken
I was able to delete the file without any problems :)
And the pc seems to be running fine, I'm so relieved.
Just one quick question, is it worth running the ATF cleaner
every week or so? I notice it also has an option for cleaning
up Firefox too, would I need to run both?
I prefer Firefox, my other half uses IE.
Thanks again :thanks:
Hi,
You can run ATF Cleaner as often as you wish. I have it on all of my systems and run it about once a week; all it does is clean out all the clutter that bogs systems down. You can run it for Firefox also. Cookies will build up and cause clutter too, but if you remove them and forget your logins and passwords for some sites, then you may not be able to get into them. What I do is clear cookies about once a month, and the other times I check "Select All" and then uncheck "Cookies". Just remember to write your logins and passwords down on a piece of paper so you won't lose them.
Ken :)
celticbhoy
2011-04-24, 11:35
Will do, thanks again :thanks: