Jump to content

Alan Vowles

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Elise thanks for very fast response. Below please find OTL reports as requested, I cant get to the system at the moment to do the GMER while it's offline but perhaps you can help from just the OTL reports, I hope so? Regards Alan OTL logfile created on: 01/03/2010 11:35:49 - Run 1 OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 18.39 Gb Free Space | 24.69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALLAN-SQGSQB2SI Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/03/01 11:34:41 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe PRC - [2010/01/16 03:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/10/01 18:23:31 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2009/10/01 18:23:18 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/11 14:12:00 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe PRC - [2009/07/02 17:36:52 | 000,203,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe PRC - [2008/02/27 16:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe PRC - [2007/12/25 21:52:22 | 000,036,864 | ---- | M] (Juniper Networks) -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe PRC - [2007/09/12 09:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2007/09/12 09:20:58 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe ========== Modules (SafeList) ========== MOD - [2010/03/01 11:34:41 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/10/01 18:23:31 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService) SRV - [2007/12/25 21:52:22 | 000,036,864 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe -- (Neoteris Setup Service) SRV - [2007/09/12 09:20:58 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2007/01/25 17:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2009/10/01 18:23:19 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/11/20 19:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008/10/17 17:22:07 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/09/12 09:20:28 | 000,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr) DRV - [2007/01/25 17:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2006/04/12 10:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2006/04/12 10:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2006/04/12 10:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2005/10/19 07:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/05 21:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/07/16 20:42:18 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2003/07/14 10:28:36 | 000,021,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npapimon.sys -- (npapimon) DRV - [2003/07/14 10:28:26 | 000,010,900 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssdiagn.sys -- (ssdiagn) DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln) DRV - [2003/05/23 11:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003/04/15 09:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) DRV - [2003/04/15 09:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) DRV - [2003/02/28 08:17:18 | 000,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm) DRV - [2002/04/01 12:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio) DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1) DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.btinternet.com/ IE - HKU\S-1-5-21-1482476501-261478967-839522115-1003\S-1-5-21-1482476501-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-261478967-839522115-1003\S-1-5-21-1482476501-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1482476501-261478967-839522115-1005\S-1-5-21-1482476501-261478967-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.btinternet.com/" FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87 FF - prefs.js..extensions.enabledItems: {955245CF-9D8C-4390-B2D0-1030B948D519}:1.9.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{955245CF-9D8C-4390-B2D0-1030B948D519}: C:\Documents and Settings\Owner\Local Settings\Application Data\{955245CF-9D8C-4390-B2D0-1030B948D519} [2010/02/17 15:51:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 11:28:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 11:28:01 | 000,000,000 | ---D | M] [2008/08/27 18:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2010/02/20 12:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14gcdgep.default\extensions [2009/07/13 22:01:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14gcdgep.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2007/10/27 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14gcdgep.default\extensions\en-GB@dictionaries.addons.mozilla.org [2008/02/24 19:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\14gcdgep.default\extensions\moveplayer@movenetworks.com [2010/02/20 11:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll [2007/06/18 08:42:56 | 000,101,888 | ---- | M] (CounterPath Solutions, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPEyeCheck.dll [2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009/07/13 18:52:23 | 000,000,144 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.62 itsecure.microsoft.com O1 - Hosts: 209.44.111.62 avremover-pro.com O1 - Hosts: 209.44.111.62 www.avremover-pro.com O2 - BHO: (no name) - {056598C1-51B7-40BB-9402-9705F4169C50} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (no name) - {ee8b706c-6eee-49da-9f93-e36e499442e2} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1482476501-261478967-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKU\S-1-5-21-1482476501-261478967-839522115-1003..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O7 - HKU\S-1-5-21-1482476501-261478967-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1482476501-261478967-839522115-1003\..Trusted Domains: redbridge.gov.uk ([remote] https in Trusted sites) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BE6A92D-D51C-4659-B372-BB18C99BC439} http://ce0.cacheus.com/_S/ppmate/PPMATE.CAB (PMChannel Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1193256886571 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopcast.cn/download/SOPCORE.CAB (SopCore Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab (Image Uploader 3.0 Control) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.redbridge.gov.uk/dana-cached...perSetupSP1.cab (JuniperSetupControlXP Class) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.redbridge.gov.uk/dana-cached...SetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnkjJba) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/10/23 21:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{dea83df4-8aaf-11dc-8654-000f1f4ca44c}\Shell - "" = AutoRun O33 - MountPoints2\{dea83df4-8aaf-11dc-8654-000f1f4ca44c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dea83df4-8aaf-11dc-8654-000f1f4ca44c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/27 09:50:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010/02/27 01:17:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent [2010/02/19 11:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IDP [2010/02/19 11:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IDP [2010/02/17 15:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{955245CF-9D8C-4390-B2D0-1030B948D519} [2010/02/16 18:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/02/16 18:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/02/16 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/02/11 23:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp [2010/02/09 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2010/02/06 17:52:55 | 000,588,288 | ---- | C] (Internet Pictures Corp.) -- C:\WINDOWS\System32\Ipx32d56.dll [2010/02/06 17:52:55 | 000,448,000 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\MM32DCMP.DLL [2010/02/06 17:52:55 | 000,028,672 | ---- | C] (IPIX) -- C:\WINDOWS\ipUnInst.exe [2010/02/06 17:52:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache [2010/01/05 11:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/01/05 11:40:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010/01/05 11:40:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010/01/05 11:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/09/09 17:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2009/02/09 17:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/02/03 15:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2008/05/07 16:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks [2008/04/28 09:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks [2008/04/06 08:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2008/04/06 08:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla [2008/04/06 08:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/01 11:28:43 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2010/03/01 11:28:03 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/03/01 11:20:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/03/01 11:00:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/03/01 10:09:04 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/03/01 10:03:41 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/03/01 10:03:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/03/01 10:03:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/03/01 08:13:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/03/01 07:51:35 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3A56C63-04E8-4C07-B831-9BDA9AF0DFF4}.job [2010/02/27 10:13:32 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010/02/27 08:42:58 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk [2010/02/27 08:20:24 | 000,627,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\allan salisbury rootkit agent.doc [2010/02/25 19:06:36 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/24 16:52:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/02/19 21:38:45 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Byocaha.dat [2010/02/19 00:20:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Nbagagabobitu.bin [2010/02/17 22:48:16 | 000,021,482 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\https___secure.magazinesdirect.co.pdf [2010/02/16 18:08:15 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/02/16 18:04:46 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/02/16 15:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/02/15 22:28:29 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/02/12 10:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010/02/11 23:36:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/02/11 18:40:49 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/02/10 18:09:24 | 000,063,707 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\R and T.jpg [2010/02/09 21:39:08 | 000,270,336 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\application_form_english_version[1](2).doc [2010/02/06 23:55:18 | 000,000,037 | ---- | M] () -- C:\WINDOWS\ipixActivex.ini [2010/02/05 12:54:46 | 000,724,639 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\00683-2007[1].pdf [2010/02/03 19:16:26 | 000,270,336 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\application_form_english_version[1].doc [2010/02/03 19:14:37 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\External Affairs intern role profile - Jan 10 final.doc [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/02/27 08:19:37 | 000,627,200 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\allan salisbury rootkit agent.doc [2010/02/26 20:47:21 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cqfyto.dat [2010/02/17 22:48:16 | 000,021,482 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\https___secure.magazinesdirect.co.pdf [2010/02/16 18:08:15 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/02/16 18:04:46 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/02/11 18:40:49 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/02/10 18:09:26 | 000,063,707 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\R and T.jpg [2010/02/09 21:39:07 | 000,270,336 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\application_form_english_version[1](2).doc [2010/02/06 17:53:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini [2010/02/06 17:52:55 | 000,126,704 | ---- | C] () -- C:\WINDOWS\Unwise.exe [2010/02/05 12:54:46 | 000,724,639 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\00683-2007[1].pdf [2010/02/03 19:16:25 | 000,270,336 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\application_form_english_version[1].doc [2010/02/03 19:14:35 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\External Affairs intern role profile - Jan 10 final.doc [2010/01/03 15:35:18 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ssdiag.ini [2010/01/03 11:53:45 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/07 19:57:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2008/12/25 22:24:55 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini [2008/09/30 20:14:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll [2008/08/09 11:37:40 | 001,079,285 | -HS- | C] () -- C:\WINDOWS\System32\evicaxok.ini [2008/08/08 22:16:31 | 000,026,792 | -HS- | C] () -- C:\WINDOWS\System32\abJjknpo.ini [2008/08/08 22:16:31 | 000,026,746 | -HS- | C] () -- C:\WINDOWS\System32\abJjknpo.ini2 [2008/04/14 20:34:04 | 000,005,712 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2008/01/02 22:03:23 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/12/12 20:14:41 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2007/12/09 19:11:47 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/11/11 11:31:38 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/10/29 20:57:03 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2007/10/29 20:53:40 | 000,004,056 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2007/10/24 19:48:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/01/25 17:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini < End of report > OTL Extras logfile created on: 01/03/2010 11:35:49 - Run 1 OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 18.39 Gb Free Space | 24.69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALLAN-SQGSQB2SI Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1482476501-261478967-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found "C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- () "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" = C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe:*:Enabled:BTSoftphone -- File not found "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
  2. Fulls scans keep revealing Rootkit.Agent c:\windows\system32\drivers\xfvrdz.sys with an Action 'Delete on Reboot' but when I reboot it's still there. I can see the file under Windows Explorer, it's not hidden or system or anything and interestingly the date timestamp is always the reboot time suggesting that it's put back everytime I reboot. I stopped system restore to see if that prevented it from being put back, I've tried manually deleting it in normal mode and safe mode but it's always in use, I've connected the drive to another system and deleted it but when I put the drive back in my system the file returns when I boot up. Any ideas? Thanks Alan
  3. Fulls scans keep revealing Rootkit.Agent c:\windows\system32\drivers\xfvrdz.sys with an Action 'Delete on Reboot' but when I reboot it's still there. I can see the file under Windows Explorer, it's not hidden or system or anything and interestingly the date timestamp is always the reboot time suggesting that it's put back everytime I reboot. I stopped system restore to see if that prevented it from being put back, I've tried manually deleting it in normal mode and safe mode but it's always in use, I've connected the drive to another system and deleted it but when I put the drive back in my system the file returns when I boot up. Any ideas? Thanks Alan
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.