Hi
I do not see the Start > Run part.
When I click on the fsbl icon it comes straight up with the licence agreement. So I can’t see where to copy and paste into.
Hi
I do not see the Start > Run part.
When I click on the fsbl icon it comes straight up with the licence agreement. So I can’t see where to copy and paste into.
Hi Stas_1
from your Desktop, Start Menu (left corner )I do not see the Start > Run part.
Click on Start > Run and copy and paste in the following: C:\fsbl.exe /expert. Click OK.
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
10/04/08 20:23:34 [Info]: BlackLight Engine 2.2.1092 initialized
10/04/08 20:23:34 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/04/08 20:23:34 [Note]: 7019 4
10/04/08 20:23:34 [Note]: 7005 0
10/04/08 20:24:06 [Note]: 7006 0
10/04/08 20:24:06 [Note]: 7011 1188
10/04/08 20:24:06 [Note]: 7035 0
10/04/08 20:24:06 [Note]: 7026 0
10/04/08 20:24:06 [Note]: 7026 0
10/04/08 20:24:10 [Note]: FSRAW library version 1.7.1024
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:11 [Note]: 2000 1012
10/04/08 20:34:42 [Note]: 7007 0
Hope you are having a plesant weekend.
Stas
Hi Stas_1
Those scans certainly came up clean. I don't believe your "display a message issue" is malware related.
please visit this page:
Online Armor Help Center
and read
Understanding Popups
Frequently Asked Questions
and post back if it helped.
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
Hi Peku006
More than the online armour warnings I was more concerned about the other symptoms (mentioned in first post). For example, Spybot at all times used to pick up excite (the search engine) and want to delete it. It seems to have stopped picking up cookies and wont immunise against them in Opera.
I was thinking if perhaps this might be a clue to the problem.
Hi Stas_1
do a search in Spybot-S&D forum re Opera immunisation.
http://forums.spybot.info/showthread.php?t=33733
Or anything related to Spybot,
http://forums.spybot.info/forumdisplay.php?f=4
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
Thank you for your help peku006
Just a pity we couldn’t find the problem. Would be interesting to know if any of your colleagues have encountered a similar situation.
Wishing you all the success for the future
Hi Peku006
I whent back to the other forum section to ask how to immunize Opera.
Zenobia sent me back to you to ask if you were done or were planning on checking for anything else?
Hi Stas_1
Let us take a deeper look.
- Please download OTViewIt by OldTimer and save it to your Desktop.
- Close all applications and windows.
- Double-click on the OTViewIt.exeto start OTViewIt.
- Place a checkmark in the blue-colored "Scan All Users" checkbox.
- Click the blue Run Scan button.
- OTViewIt will now start its scan.
- When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
I though I would also mention that the C drive is really running out of space. I know that I have quite a few things of there and we downloaded a couple of programs with you (doubt they amount to much at all), but when the computer is working normally there is allot more space.
This has happened before as well when a virus seems to gradually fill up drive space.
OTViewIt Extras logfile created on: 18/10/2008 13:27:49 - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\oemstudent\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
767.48 Mb Total Physical Memory | 349.56 Mb Available Physical Memory | 45.55% Memory free
1.08 Gb Paging File | 0.72 Gb Available in Paging File | 66.97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.26 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
Drive D: | 27.49 Gb Total Space | 5.22 Gb Free Space | 18.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STANISLAVS
Current User Name: oemstudent
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- D:\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- D:\My Documents\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/09/12 04:45:28 | 00,224,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/11 17:46:50 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A46094F-D603-4C6C-9F1D-8E806781F195}"=Read and Write 6
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.41 .1
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}"=Microsoft AutoRoute 2006
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90110409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}"=ABBYY FineReader 6.0 Professional
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}"=Logitech User's Guide
"{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}"=Opera 9.60
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Applet_App"=Applet_App
"Applet_Copy"=Applet_Copy
"Applet_Creativity"=Applet_Creativity
"Applet_Email"=Applet_Email
"Applet_Epp"=Applet_Epp
"Applet_File"=Applet_File
"Applet_OCR"=Applet_OCR
"Applet_Web"=Applet_Web
"ArcSoft PhotoImpression 3.0"=ArcSoft PhotoImpression 3.0
"avast!"=avast! Antivirus
"BitLord"=BitLord 1.1
"BroadJump Client Foundation"=BroadJump Client Foundation
"Copy Utility"=Copy Utility
"EPSON Photo Print"=EPSON Photo Print
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Smart Panel"=EPSON Smart Panel
"EsetOnlineScanner"=ESET Online Scanner
"HijackThis"=HijackThis 2.0.2
"Inspiration 6 UK"=Inspiration 6 UK
"IObit SmartDefrag Beta4.01_is1"=IObit SmartDefrag Beta4.01
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.79 Standard
"LHTTSENG"=L&H TTS3000 British English
"Logitech Resource Center"=Logitech Resource Center
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"OnlineArmor_is1"=Online Armor 2.1
"PFConfig"=PFConfig 1.0.187
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SLAMRNTV"=WS-5614PASG
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"SUPER ©"=SUPER © Version 2008.bld.25 (Feb 5, 2008)
"tv_enua"=Lernout & Hauspie TruVoice American English TTS Engine
"VirtualCloneDrive"=VirtualCloneDrive
"VLC media player"=VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 20/09/2007 04:39:55 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Scan of "F:\VirtualCloneDrive" area failed with 00000017 error (function
avfilesScanReal failed).
Error - 20/09/2007 09:05:41 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Scan of "F:\" area failed with 00000003 error (function avfilesScanReal
failed).
Error - 14/10/2007 12:24:25 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'OUTLOOK--HeurTimePeriodCheckFlags', '0');" failed. Error description:
"unable to open database file [14]".
Error - 16/10/2007 07:46:37 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Scan of "F:\BitLord\Downloads\L7 discography" area failed with 00000017
error (function avfilesScanReal failed).
Error - 16/10/2007 14:31:27 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Scan of "F:\VirtualCloneDrive" area failed with 00000017 error (function
avfilesScanReal failed).
Error - 16/10/2007 14:32:00 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Scan of "F:\BitLord\rules" area failed with 00000017 error (function
avfilesScanReal failed).
Error - 16/10/2007 14:32:02 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Scan of "F:\BitLord\lang" area failed with 00000017 error (function
avfilesScanReal failed).
Error - 03/11/2007 17:55:00 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\BitLord\Downloads\Best of 2000- Gypsy Folk Groups from Hungary\AlbumArt_{C772D38C-7CFB-49A8-B1A9-7F85AF2E8417}_Large.jpg
failed, 0000A420.
Error - 22/05/2008 10:07:49 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
Error - 09/08/2008 15:28:14 | Computer Name = STANISLAVS | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
[ Application Events ]
Error - 19/08/2008 15:25:27 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- There is a problem with this Windows Installer
package. A program required for this install to complete could not be run. Contact
your support personnel or package vendor.
Error - 19/08/2008 15:25:27 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 11721
Description = Product: Apple Software Update -- Error 1721. There is a problem with
this Windows Installer package. A program required for this install to complete
could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
Error - 19/09/2008 03:03:11 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 1013
Description = Product: QuickTime -- There is a problem with this Windows Installer
package. A program required for this install to complete could not be run. Contact
your support personnel or package vendor.
Error - 19/09/2008 03:03:11 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 11721
Description = Product: Apple Software Update -- Error 1721. There is a problem with
this Windows Installer package. A program required for this install to complete
could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
Error - 19/09/2008 05:15:36 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- There is a problem with this Windows Installer
package. A program required for this install to complete could not be run. Contact
your support personnel or package vendor.
Error - 19/09/2008 05:15:36 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 11721
Description = Product: Apple Software Update -- Error 1721. There is a problem with
this Windows Installer package. A program required for this install to complete
could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
Error - 01/10/2008 04:47:25 | Computer Name = STANISLAVS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 01/10/2008 04:47:25 | Computer Name = STANISLAVS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 14/10/2008 06:22:27 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- There is a problem with this Windows Installer
package. A program required for this install to complete could not be run. Contact
your support personnel or package vendor.
Error - 14/10/2008 06:22:27 | Computer Name = STANISLAVS | Source = MsiInstaller | ID = 11721
Description = Product: Apple Software Update -- Error 1721. There is a problem with
this Windows Installer package. A program required for this install to complete
could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
[ System Events ]
Error - 17/10/2008 08:21:39 | Computer Name = STANISLAVS | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%5
Error - 17/10/2008 08:21:39 | Computer Name = STANISLAVS | Source = Service Control Manager | ID = 7000
Description = The Rmfc7 service failed to start due to the following error: %%2
Error - 17/10/2008 11:45:26 | Computer Name = STANISLAVS | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%5
Error - 17/10/2008 11:45:26 | Computer Name = STANISLAVS | Source = Service Control Manager | ID = 7000
Description = The Rmfc7 service failed to start due to the following error: %%2
Error - 17/10/2008 11:45:58 | Computer Name = STANISLAVS | Source = Dhcp | ID = 1002
Description = The IP address lease 86.20.41.105 for the Network Card with network
address 0004E232FF3D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 17/10/2008 11:46:18 | Computer Name = STANISLAVS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 0004E232FF3D.
Error - 18/10/2008 05:01:39 | Computer Name = STANISLAVS | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%5
Error - 18/10/2008 05:01:39 | Computer Name = STANISLAVS | Source = Service Control Manager | ID = 7000
Description = The Rmfc7 service failed to start due to the following error: %%2
Error - 18/10/2008 05:02:11 | Computer Name = STANISLAVS | Source = Dhcp | ID = 1002
Description = The IP address lease 86.20.41.105 for the Network Card with network
address 0004E232FF3D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 05:02:33 | Computer Name = STANISLAVS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 0004E232FF3D.
< End of report >
OTViewIt logfile created on: 18/10/2008 13:27:49 - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\oemstudent\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
767.48 Mb Total Physical Memory | 349.56 Mb Available Physical Memory | 45.55% Memory free
1.08 Gb Paging File | 0.72 Gb Available in Paging File | 66.97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.26 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
Drive D: | 27.49 Gb Total Space | 5.22 Gb Free Space | 18.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STANISLAVS
Current User Name: oemstudent
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2008/04/17 05:25:28 | 05,435,968 | ---- | M] (Tall Emu) -- D:\My Documents\Online Armor\oasrv.exe
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2001/11/21 07:14:00 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\slserv.exe
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2001/09/19 09:41:00 | 00,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2008/07/19 15:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/10/19 13:25:54 | 02,736,384 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
[2008/04/17 05:25:26 | 05,545,536 | ---- | M] (Tall Emu ) -- D:\My Documents\Online Armor\oaui.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- D:\My Documents\iTunes\iTunesHelper.exe
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/11/12 11:48:46 | 00,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2008/08/18 18:41:00 | 01,832,272 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/08/11 17:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008/10/18 13:26:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\oemstudent\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
File not found -- -- (NMIndexingService [Disabled | Stopped])
[2001/11/21 07:14:00 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\slserv.exe -- (SLService [Auto | Running])
[2008/04/17 05:25:28 | 05,435,968 | ---- | M] (Tall Emu) -- D:\My Documents\Online Armor\oasrv.exe -- (SvcOnlineArmor [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services ==========
[2008/07/19 15:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2001/08/17 20:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2004/08/03 22:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\SYSTEM32\drivers\an983.sys -- (AN983 [On_Demand | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2008/07/19 15:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 15:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 15:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 15:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 15:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2006/04/22 02:44:39 | 00,008,064 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\SYSTEM32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/04/12 09:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\SYSTEM32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 14:52:24 | 00,038,144 | ---- | M] (HighPoint Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\hpt3xx.sys -- (hpt3xx [Boot | Running])
[2001/09/19 10:11:00 | 00,050,432 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\drivers\L8042Pr2.sys -- (l8042pr2 [On_Demand | Running])
[2001/09/19 10:11:00 | 00,005,840 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\drivers\LKbdFlt2.sys -- (LKbdFlt2 [On_Demand | Running])
[2001/09/19 10:11:00 | 00,067,440 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\drivers\LMouFlt2.sys -- (LMouFlt2 [On_Demand | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 22:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2002/02/23 07:00:56 | 00,181,472 | R--- | M] () -- C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2002/02/05 09:21:42 | 02,388,228 | R--- | M] () -- C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2001/11/29 09:09:20 | 00,607,732 | R--- | M] () -- C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 20:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4 [On_Demand | Stopped])
[2008/04/17 05:25:32 | 00,080,584 | ---- | M] () -- C:\WINDOWS\SYSTEM32\drivers\OADriver.sys -- (OADevice [System | Running])
[2008/04/17 05:25:42 | 00,032,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\drivers\OAmon.sys -- (OAmon [System | Running])
[2008/04/17 05:25:38 | 00,028,872 | ---- | M] () -- C:\WINDOWS\SYSTEM32\drivers\oanet.sys -- (OAnet [System | Running])
[2001/08/17 14:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/04 22:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2002/02/19 07:55:24 | 00,411,464 | R--- | M] ( ) -- C:\WINDOWS\SYSTEM32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])
[2002/02/05 09:26:08 | 00,181,328 | R--- | M] ( ) -- C:\WINDOWS\SYSTEM32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2001/11/29 09:09:28 | 00,033,028 | R--- | M] (Vireo Software) -- C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2007/03/27 17:16:58 | 00,646,392 | ---- | M] () -- C:\WINDOWS\SYSTEM32\drivers\sptd.sys -- (sptd [Boot | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2001/11/29 09:09:32 | 01,432,836 | R--- | M] ( ) -- C:\WINDOWS\SYSTEM32\drivers\v90drv.sys -- (V90drv [On_Demand | Stopped])
[2006/04/22 20:59:21 | 00,024,320 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\SYSTEM32\drivers\VClone.sys -- (VClone [Boot | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.ntlworld.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.ntlworld.com/
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local
========== (O1) Hosts File ==========
HOSTS File = (223824 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
7852 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{6165D324-3AAF-4C63-B545-C7D2285BEA1C} (HKLM) -- C:\Program Files\ReadAndWrite6\thbho.dll (textHELP Systems Ltd)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="D:\My Documents\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe File not found
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE (Logitech Inc. )
"iTunesHelper"="D:\My Documents\iTunes\iTunesHelper.exe" (Apple Inc.)
"OnlineArmor GUI"="D:\My Documents\Online Armor\oaui.exe" (Tall Emu )
"QuickTime Task"="D:\My Documents\qttask.exe" -atboottime (Apple Inc.)
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"VirtualCloneDrive"="F:\VirtualCloneDrive\VCDDaemon.exe" /s File not found
"WinampAgent"="d:\My Documents\Winamp\winampa.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
========== (O4) Startup Folders ==========
[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/01/28 12:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [1999/03/31 09:53:22 | 00,933,648 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 12:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [1999/03/31 09:53:22 | 00,933,648 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 12:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
excite.com\www: http in My Computer
46 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
31 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
31 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1083768841-1909347950-600669434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
excite.com\www: http in My Computer
46 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get...nt/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{1809FEDC-1A7D-493A-93FB-72A99825E6DC} (Servers: | Description: SMC EZ Card 10/100 Fast Ethernet PCI Network Adapter)
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}" (HKLM) -- D:\MYDOCU~1\ONLINE~1\oaevent.dll (Tall Emu)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2001/10/23 21:54:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1ee6ec6-dc7e-11db-a09d-0004e232ff3d}\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1ee6ec6-dc7e-11db-a09d-0004e232ff3d}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1ee6ec6-dc7e-11db-a09d-0004e232ff3d}\Shell\AutoRun\command]
""=H:\cd2run.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2008/10/18 13:26:47 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\oemstudent\Desktop\OTViewIt.exe
[2008/10/13 17:01:27 | 00,000,000 | ---D | C] -- d:\My Documents\Azureus Downloads
[2008/10/13 16:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/10/13 16:42:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\oemstudent\Application Data\Azureus
[2008/10/13 16:41:20 | 00,000,000 | ---D | C] -- C:\Program Files\AskSBar
[2008/10/08 19:38:35 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2008/10/05 21:09:54 | 00,021,504 | ---- | C] () -- d:\My Documents\Jacky next.doc
[2008/10/04 14:49:12 | 01,137,360 | ---- | C] (F-Secure Corporation) -- C:\fsbl.exe
[2008/10/04 09:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/10/03 15:47:31 | 00,000,000 | ---D | C] -- d:\My Documents\FixPolicies
[2008/10/03 15:46:22 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\oemstudent\Desktop\FixPolicies.exe
[2008/09/30 20:46:22 | 00,000,000 | ---D | C] -- d:\My Documents\OTScanIt
[2008/09/30 20:45:15 | 00,576,581 | ---- | C] () -- d:\My Documents\OTScanIt.exe
[2008/09/30 18:28:15 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/30 18:26:21 | 00,305,705 | ---- | C] () -- d:\My Documents\RSIT.exe
[2008/09/27 19:14:03 | 00,027,648 | ---- | C] () -- d:\My Documents\legal3.doc
[2008/09/27 19:10:40 | 00,027,136 | ---- | C] () -- d:\My Documents\legal2.doc
[2008/09/27 19:02:54 | 00,027,648 | ---- | C] () -- d:\My Documents\legal.doc
[2008/09/19 10:39:22 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\oemstudent\Desktop\HijackThis.lnk
[2008/09/19 10:39:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/19 10:37:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- d:\My Documents\HJTInstall.exe
[2008/09/19 10:21:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/19 10:20:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/19 10:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/19 08:04:50 | 00,000,000 | ---D | C] -- d:\My Documents\Plugins
[2008/09/19 08:04:23 | 00,001,235 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/09/19 08:04:18 | 00,000,000 | ---D | C] -- d:\My Documents\QuickTimePlayer.Resources
[2008/09/19 08:04:09 | 00,000,000 | ---D | C] -- d:\My Documents\PictureViewer.Resources
[2008/09/19 08:04:02 | 00,000,000 | ---D | C] -- d:\My Documents\PropertyPanels
[2008/09/19 08:03:45 | 00,000,000 | ---D | C] -- d:\My Documents\QTSystem
[2008/09/19 08:03:45 | 00,000,000 | ---D | C] -- d:\My Documents\QTComponents
[2008/09/19 07:52:14 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
========== Files - Modified Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/18 13:26:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\oemstudent\Desktop\OTViewIt.exe
[2008/10/18 10:01:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 10:01:28 | 00,073,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2008/10/18 10:01:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/16 17:37:40 | 00,223,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/16 16:42:10 | 00,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 15:36:26 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 17:04:30 | 00,006,372 | ---- | M] () -- d:\My Documents\SharePodSettings.xml
[2008/10/15 15:44:44 | 00,021,504 | ---- | M] () -- d:\My Documents\Jacky next.doc
[2008/10/14 11:22:29 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/08 19:38:35 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/07 14:43:49 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/05 14:34:15 | 00,223,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081016-173739.backup
[2008/10/04 14:49:12 | 01,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2008/10/03 15:46:22 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\oemstudent\Desktop\FixPolicies.exe
[2008/10/01 08:31:46 | 00,223,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081005-143414.backup
[2008/09/30 20:45:16 | 00,576,581 | ---- | M] () -- d:\My Documents\OTScanIt.exe
[2008/09/30 18:26:24 | 00,305,705 | ---- | M] () -- d:\My Documents\RSIT.exe
[2008/09/27 19:14:04 | 00,027,648 | ---- | M] () -- d:\My Documents\legal3.doc
[2008/09/27 19:10:42 | 00,027,136 | ---- | M] () -- d:\My Documents\legal2.doc
[2008/09/27 19:02:56 | 00,027,648 | ---- | M] () -- d:\My Documents\legal.doc
[2008/09/21 22:00:00 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2008/09/19 10:39:22 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\oemstudent\Desktop\HijackThis.lnk
[2008/09/19 10:37:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- d:\My Documents\HJTInstall.exe
[2008/09/19 08:56:36 | 05,899,846 | -H-- | M] () -- C:\Documents and Settings\oemstudent\Local Settings\Application Data\IconCache.db
[2008/09/19 08:04:24 | 00,001,235 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/09/19 07:52:14 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/09/19 07:43:11 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2008/09/19 07:42:22 | 00,001,287 | ---- | M] () -- C:\Documents and Settings\oemstudent\Desktop\DivX Movies.lnk
< End of report >
Posting Permissions
