
toormina

  1. ComboFix uninstalled, DeFogger re-enabled emulators. Thank you, I have learned a lot!
  2. Thank you for all your time and effort on this. It's very, very much appreciated!!
  3. I uninstalled Norton, and now everything seems to be working just fine
  4. no changes to the router or network settings were needed
  5. Windows IP Configuration

     Host Name . . . . . . . . . . . . : pooter-PC
     Primary Dns Suffix . . . . . . . :
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : Belkin

     Wireless LAN adapter Wireless Network Connection:

     Connection-specific DNS Suffix . : Belkin
     Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
     Physical Address. . . . . . . . . : 00-1F-3B-00-9E-CD
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::c5fe:f2a2:a758:56b%11(Preferred)
     IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Wednesday, 12 May 2010 5:22:39 PM
     Lease Expires . . . . . . . . . . : Monday, 20 June 2146 1:29:32 AM
     Default Gateway . . . . . . . . . : 192.168.2.1
     DHCP Server . . . . . . . . . . . : 192.168.2.1
     DHCPv6 IAID . . . . . . . . . . . : 268443451
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-8D-A7-8F-00-1D-09-39-5C-BE
     DNS Servers . . . . . . . . . . . : 192.168.2.1
     NetBIOS over Tcpip. . . . . . . . : Enabled

     Ethernet adapter Local Area Connection:

     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix . : Belkin
     Description . . . . . . . . . . . : Broadcom NetLink Fast Ethernet
     Physical Address. . . . . . . . . : 00-1D-09-39-5C-BE
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes

     Ethernet adapter Bluetooth Network Connection:

     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix . :
     Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
     Physical Address. . . . . . . . . : 00-1F-3A-E4-2C-E3
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 9:

     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix . : Belkin
     Description . . . . . . . . . . . : isatap.Belkin
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 10:

     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 11:

     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 02-00-54-55-4E-01
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 12:

     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix . :
     Description . . . . . . . . . . . : isatap.{E19F16A2-2EC1-4C03-8146-423976973EFB}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

     Server: UnKnown
     Address: 192.168.2.1

     Name: mwbyte.vo.llnwd.net
     Address: 117.121.253.254
     Aliases: mbam-cdn.malwarebytes.org

     Pinging mwbyte.vo.llnwd.net [117.121.253.254] with 32 bytes of data:
     Reply from 117.121.253.254: bytes=32 time=17ms TTL=59
     Reply from 117.121.253.254: bytes=32 time=16ms TTL=59

     Ping statistics for 117.121.253.254:
     Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
     Minimum = 16ms, Maximum = 17ms, Average = 16ms

     ===========================================================================
     Interface List
     11 ...00 1f 3b 00 9e cd ...... Intel® Wireless WiFi Link 4965AGN
     10 ...00 1d 09 39 5c be ...... Broadcom NetLink Fast Ethernet
     9 ...00 1f 3a e4 2c e3 ...... Bluetooth Device (Personal Area Network)
     1 ........................... Software Loopback Interface 1
     18 ...00 00 00 00 00 00 00 e0 isatap.Belkin
     19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
     13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     16 ...00 00 00 00 00 00 00 e0 isatap.{E19F16A2-2EC1-4C03-8146-423976973EFB}
     ===========================================================================

     IPv4 Route Table
     ===========================================================================
     Active Routes:
     Network Destination    Netmask            Gateway        Interface      Metric
     0.0.0.0                0.0.0.0            192.168.2.1    192.168.2.3    25
     127.0.0.0              255.0.0.0          On-link        127.0.0.1      306
     127.0.0.1              255.255.255.255    On-link        127.0.0.1      306
     127.255.255.255        255.255.255.255    On-link        127.0.0.1      306
     192.168.2.0            255.255.255.0      On-link        192.168.2.3    281
     192.168.2.3            255.255.255.255    On-link        192.168.2.3    281
     192.168.2.255          255.255.255.255    On-link        192.168.2.3    281
     224.0.0.0              240.0.0.0          On-link        127.0.0.1      306
     224.0.0.0              240.0.0.0          On-link        192.168.2.3    281
     255.255.255.255        255.255.255.255    On-link        127.0.0.1      306
     255.255.255.255        255.255.255.255    On-link        192.168.2.3    281
     ===========================================================================
     Persistent Routes:
     None

     IPv6 Route Table
     ===========================================================================
     Active Routes:
     If    Metric    Network Destination             Gateway
     1     306       ::1/128                         On-link
     11    281       fe80::/64                       On-link
     11    281       fe80::c5fe:f2a2:a758:56b/128    On-link
     1     306       ff00::/8                        On-link
     11    281       ff00::/8                        On-link
     ===========================================================================
     Persistent Routes:
     None
  6. All processes killed
     ========== OTL ==========
     Error: No service named pavboot was found to stop!
     Service\Driver key pavboot not found.
     File C:\Windows\system32\drivers\pavboot.sys not found.
     ========== FILES ==========
     File\Folder C:\Windows\System32\drivers\pavboot.sys not found.
     C:\Program Files\Panda Security\ActiveScan 2.0\psqstore folder moved successfully.
     C:\Program Files\Panda Security\ActiveScan 2.0 folder moved successfully.
     C:\Program Files\Panda Security folder moved successfully.
     C:\Program Files\AVG9 folder moved successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users
     -> No Temporary Internet Files cache folder defined!

     User: Default
     ->Temp folder emptied: 0 bytes
     -> No Temporary Internet Files cache folder defined!

     User: Default User
     ->Temp folder emptied: 0 bytes
     -> No Temporary Internet Files cache folder defined!

     User: pooter
     ->Temp folder emptied: 205986 bytes
     -> No Temporary Internet Files cache folder defined!
     ->Java cache emptied: 168601582 bytes
     ->FireFox cache emptied: 34664227 bytes
     ->Flash cache emptied: 16408 bytes

     User: Public
     ->Temp folder emptied: 0 bytes
     -> No Temporary Internet Files cache folder defined!

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 194.00 mb

     [EMPTYFLASH]

     User: All Users

     User: Default

     User: Default User

     User: pooter
     ->Flash cache emptied: 0 bytes

     User: Public

     Total Flash Files Cleaned = 0.00 mb

     C:\Windows\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully

     OTL by OldTimer - Version 3.2.4.1 log created on 05122010_172051

     Files\Folders moved on Reboot...

     Registry entries deleted on Reboot...

     Norton Internet Security 2010 is still unable to start. No other problem apart from no AV; would it be worth getting another security product?
  7. no problem, thanks for taking the time to help
  8. OTL Extras logfile created on: 10/05/2010 7:31:22 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\pooter\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136.45 Gb Total Space | 66.16 Gb Free Space | 48.48% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.75 Gb Free Space | 57.51% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: POOTER-PC Current User Name: pooter Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-599327269-1105929237-2146797407-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13E7F044-98B9-4D03-92BB-DEFD1CB6DED4}" = rport=137 | protocol=17 | dir=out | app=system | "{34773905-8B31-40E5-AE7D-CC1F0B2CE939}" = rport=445 | protocol=6 | dir=out | app=system | "{60D018CD-6A5E-4513-A619-C944EB194D71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8CCC2D80-ECBD-4274-8041-4E857A96E49F}" = rport=139 | protocol=6 | dir=out | app=system | "{B4A4EF00-FC65-44C6-9D86-87C4BE990E88}" = rport=138 | protocol=17 | dir=out | app=system | "{BAB2C0E5-10A9-4AD9-B3A8-85662ED0EC6D}" = lport=138 | protocol=17 | dir=in | app=system | "{CF82688A-B7CF-42DB-BE9A-8C77BF4C8971}" = lport=445 | protocol=6 | dir=in | app=system | "{E2941B6E-FF7F-4770-B386-92E7FB54AB3C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EEE87FAA-E72B-4C70-AA9A-542909327676}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE5EE1FF-74A0-4483-8AE8-D945CCA31FD0}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07482811-460A-4FFF-B3FE-CDFF719A8795}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{25F3E35A-A121-4BFC-B646-9640B897D355}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2EA29704-0F83-4160-8BC1-C17439749AC1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{34C30BE6-22B1-4C42-AEFB-32DF878D1A7D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{692950B1-1796-4CF4-9241-E0DED196A322}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{7417AC56-643D-4F2A-BC7F-54D05AF5F94B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{8DA802F2-3B37-4C92-BAEC-182C4A7250AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{90D9BF90-F363-415B-9429-01196FB4EADF}" = protocol=17 | dir=in | app=c:\program files\messenger\yahoomessenger.exe | "{9638BEFF-27B9-497F-BAF4-796487A09FC8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{A67E2147-2581-42F0-B1C6-65309E304DC5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EEDBB85E-06F3-47B7-ACAE-E72A47387904}" = protocol=6 | dir=in | app=c:\program files\messenger\yahoomessenger.exe | "{F7EEA093-ACB0-42B8-BB2A-730826896090}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{74F9A612-FE0F-4AB6-8351-DA0956777A29}C:\program files\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files\achat\achat.exe | "TCP Query User{A0C41B74-799E-4FBF-B5BF-F770634E96A5}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | "UDP Query User{3B8BC5B9-4334-44A3-988B-EBFE3618B45A}C:\program files\achat\achat.exe" = protocol=17 | 
dir=in | app=c:\program files\achat\achat.exe | "UDP Query User{D7B16080-FFB2-4CBD-8757-A6ADEECD33BC}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 19 "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java 6 Update 16 "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{983D0FB5-4818-48F3-8449-BD32CB5AF4CF}" = Brother HL-2040 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{C19DBE5E-712E-4F02-8380-ECEDD951B374}" = TwinhanDTV "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7 "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "AChat_is1" = AChat v0.150 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner (remove only) "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "DVD Shrink_is1" = DVD Shrink 3.2 "DVD43_is1" = DVD43 v4.4.1 "EPSON TX550W Series" = EPSON TX550W Series Printer Uninstall "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "FeedDemon_is1" = FeedDemon "FeedStation_is1" = FeedStation "HDMI" = Intel® Graphics Media Accelerator Driver "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "NIS" = Norton Internet Security "OpenAL" = OpenAL "ProInst" = Intel® PROSet/Wireless Software "PSP Video 9" = PSP Video 9 5.03 "SumatraPDF" = Sumatra PDF reader "VLC media player" = VideoLAN VLC media player 0.8.6f "Yahoo! Messenger" = Yahoo! 
Messenger "ZEN Vision:M Series Media Explorer" = ZEN Vision:M Series Media Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/05/2010 9:00:04 AM | Computer Name = pooter-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 5/05/2010 4:08:19 AM | Computer Name = pooter-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 5/05/2010 4:34:43 AM | Computer Name = pooter-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 5/05/2010 7:07:42 AM | Computer Name = pooter-PC | Source = Perflib | ID = 1010 Description = Error - 5/05/2010 7:32:14 AM | Computer Name = pooter-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 6/05/2010 3:13:49 AM | Computer Name = pooter-PC | Source = Windows Search Service | ID = 3038 Description = Error - 6/05/2010 3:13:57 AM | Computer Name = pooter-PC | Source = Windows Search Service | ID = 3028 Description = Error - 6/05/2010 3:13:57 AM | Computer Name = pooter-PC | Source = Windows Search Service | ID = 3058 Description = Error - 6/05/2010 4:25:38 AM | Computer Name = pooter-PC | Source = Perflib | ID = 1008 Description = Error - 9/05/2010 6:15:58 PM | Computer Name = pooter-PC | Source = Perflib | ID = 1010 Description = [ Media Center Events ] Error - 5/11/2009 1:11:24 AM | Computer Name = pooter-PC | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  9. OTL logfile created on: 10/05/2010 7:31:22 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\pooter\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136.45 Gb Total Space | 66.16 Gb Free Space | 48.48% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.75 Gb Free Space | 57.51% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: POOTER-PC Current User Name: pooter Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/05/10 19:30:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\pooter\Desktop\OTL.exe PRC - [2010/03/31 09:05:12 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe PRC - [2010/02/26 09:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe PRC - [2009/08/19 09:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/19 09:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2009/06/29 15:28:08 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/01/19 17:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) 
-- C:\Windows\OEM02Mon.exe PRC - [2007/03/07 16:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/02/12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/01/24 22:07:34 | 002,851,328 | ---- | M] (AChat team) -- C:\Program Files\AChat\AChat.exe PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe ========== Modules (SafeList) ========== MOD - [2010/05/10 19:30:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\pooter\Desktop\OTL.exe MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2007/04/13 15:37:20 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll MOD - [2006/11/03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ========== Win32 Services (SafeList) ========== SRV - [2010/02/26 09:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS) SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/09/17 09:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity 
Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® ========== Driver Services (SafeList) ========== DRV - [2010/03/25 06:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2010/02/27 12:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON) DRV - [2010/02/27 12:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP) DRV - [2010/02/27 12:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010/02/26 09:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP) DRV - [2010/02/18 07:56:48 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | 
On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.038\NAVEX15.SYS -- (NAVEX15) DRV - [2010/02/18 07:56:48 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.038\NAVENG.SYS -- (NAVENG) DRV - [2010/02/17 18:04:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010/02/04 11:40:52 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS -- (SYMTDIv) DRV - [2010/02/04 11:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA) DRV - [2009/12/31 22:28:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/12/03 16:09:48 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009/10/29 08:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100429.001\IDSvix86.sys -- (IDSVix86) DRV - [2009/08/30 10:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS) DRV - [2009/08/29 19:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/08/29 19:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec 
Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/07/20 11:29:09 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh) DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009/04/11 14:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/04/13 16:28:04 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007/03/26 16:18:24 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007/02/26 14:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2007/02/22 05:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2007/02/22 05:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2007/02/22 05:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007/01/06 15:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2007/01/06 15:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006/11/06 17:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio) DRV - [2006/11/06 15:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid) DRV - [2006/11/06 15:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/06/28 19:07:42 | 000,016,128 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDTT2HID.sys -- (UDTT2HID) DRV - [2006/06/22 11:57:52 | 000,081,408 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDTT2BDA.sys -- (UDTT2BDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: showmemore@suskind:1.3 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ 
[2010/04/28 08:44:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/18 08:00:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Firefox2\components [2010/01/03 12:39:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Firefox2\plugins [2010/01/03 12:39:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Firefox\components [2010/04/11 21:01:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/03/31 09:05:15 | 000,000,000 | ---D | M] [2009/05/02 17:44:33 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Mozilla\Extensions [2010/05/10 07:58:22 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions [2009/08/08 09:17:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/02/22 07:19:56 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010/04/17 09:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/04/17 09:12:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/03/17 11:25:13 | 000,000,000 | ---D | M] -- 
C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions\DeviceDetection@logitech.com [2009/11/22 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Mozilla\Firefox\Profiles\r1juzpcv.default\extensions\showmemore@suskind O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe () O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AChat] C:\Program Files\AChat\AChat.exe (AChat team) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\pooter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\pooter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\pooter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009/05/07 21:18:55 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010/05/10 19:29:24 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\pooter\Desktop\OTL.exe [2010/05/10 15:31:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/05/10 15:31:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/05/10 15:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/10 15:30:19 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pooter\Desktop\mbam-setup-1.46.exe [2010/05/10 12:26:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/05/10 12:26:51 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/05/10 12:26:51 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Local\temp [2010/05/10 12:17:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/05/10 12:17:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/05/10 
12:17:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/05/10 12:17:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/05/10 12:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/05/10 12:17:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/05/06 19:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/05/06 19:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/05/06 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\pooter\Desktop\hijackthis [2010/05/06 17:35:07 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Roaming\Malwarebytes [2010/05/06 17:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/05/06 17:11:28 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010/05/05 22:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG9 [2010/05/05 21:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010/05/05 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Local\Tific [2010/05/05 18:13:13 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Roaming\Tific [2010/05/04 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Local\Microangelo On Display [2010/05/04 22:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microangelo On Display [2010/05/04 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\pooter\Icons and Cursors [2010/04/04 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/04/04 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/04/04 18:03:37 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys [2010/04/01 09:19:30 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symtdiv.sys [2010/04/01 09:19:29 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.sys [2010/04/01 09:19:29 | 000,328,752 | R--- | C] (Symantec Corporation) -- 
C:\Windows\System32\drivers\NIS\1106000.020\symds.sys [2010/04/01 09:19:29 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.sys [2010/04/01 09:19:29 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.sys [2010/04/01 09:19:29 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\ironx86.sys [2010/04/01 09:19:29 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.sys [2010/04/01 09:19:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1106000.020 [2010/03/24 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2010/03/17 11:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz [2010/02/28 19:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games [2010/02/19 10:29:12 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Local\CrashDumps [2010/02/17 18:04:24 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2010/02/17 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010/02/17 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010/02/17 18:03:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS [2010/02/17 18:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security [2010/02/17 18:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010/02/17 17:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010/02/17 17:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2010/02/16 22:57:34 | 000,000,000 | ---D | C] -- C:\Users\pooter\AppData\Roaming\QuickScan [2010/02/16 22:43:29 | 000,028,552 | ---- | C] (Panda Security, S.L.) 
-- C:\Windows\System32\drivers\pavboot.sys [2010/02/16 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security ========== Files - Modified Within 90 Days ========== [2010/05/10 19:31:58 | 001,837,586 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB [2010/05/10 19:30:55 | 002,097,152 | -HS- | M] () -- C:\Users\pooter\NTUSER.DAT [2010/05/10 19:30:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\pooter\Desktop\OTL.exe [2010/05/10 19:22:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/10 19:22:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/10 15:30:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pooter\Desktop\mbam-setup-1.46.exe [2010/05/10 15:28:41 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/05/10 15:28:41 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/05/10 15:28:41 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/05/10 15:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/10 15:22:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/10 15:22:51 | 3208,728,576 | -HS- | M] () -- C:\hiberfil.sys [2010/05/10 15:22:07 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/05/10 15:22:02 | 000,065,536 | -HS- | M] () -- C:\Users\pooter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/05/10 15:22:01 | 000,524,288 | -HS- | M] () -- C:\Users\pooter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/05/10 15:22:00 | 001,323,965 | -H-- | M] () -- C:\Users\pooter\AppData\Local\IconCache.db [2010/05/10 15:21:36 | 000,059,664 | ---- | M] () -- C:\Users\pooter\Desktop\mbam-clean.exe [2010/05/10 12:24:10 | 000,000,215 | ---- | M] () -- 
C:\Windows\system.ini [2010/05/10 12:15:35 | 003,684,752 | R--- | M] () -- C:\Users\pooter\Desktop\ComboFix.exe [2010/05/10 08:08:18 | 000,293,376 | ---- | M] () -- C:\Users\pooter\Desktop\wpvt6lqq.exe [2010/05/10 08:00:25 | 000,525,824 | ---- | M] () -- C:\Users\pooter\Desktop\dds.scr [2010/05/10 07:45:13 | 000,000,176 | ---- | M] () -- C:\Users\pooter\defogger_reenable [2010/05/10 07:44:08 | 000,050,477 | ---- | M] () -- C:\Users\pooter\Desktop\Defogger.exe [2010/05/06 19:37:44 | 000,095,695 | ---- | M] () -- C:\Users\pooter\Desktop\wallpaper-160917.jpg [2010/05/06 19:37:34 | 000,918,753 | ---- | M] () -- C:\Users\pooter\Desktop\wallpaper-162413.jpg [2010/05/06 18:59:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010/05/06 18:59:59 | 000,000,054 | ---- | M] () -- C:\Windows\System32\bd2040.dat [2010/05/05 18:26:37 | 000,167,936 | ---- | M] () -- C:\Users\pooter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/04 22:22:02 | 000,000,990 | ---- | M] () -- C:\Users\pooter\Desktop\Pooter.lnk [2010/05/04 22:19:26 | 000,002,509 | ---- | M] () -- C:\Users\pooter\Desktop\Treasure Chest.lnk [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe [2010/04/19 10:23:17 | 000,000,313 | ---- | M] () -- C:\Windows\Brownie.ini [2010/04/06 17:13:42 | 000,248,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/03/28 16:47:31 | 000,055,600 | ---- | M] () -- C:\Users\pooter\AppData\Local\GDIPFONTCACHEV1.DAT [2010/03/27 10:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini [2010/03/19 11:25:41 | 000,198,530 | ---- | M] () -- C:\CTMeasureTiming.ini [2010/03/03 15:58:53 | 000,000,120 | ---- | M] () -- C:\Users\pooter\AppData\Local\Mtikimiqay.dat [2010/03/03 
15:58:53 | 000,000,000 | ---- | M] () -- C:\Users\pooter\AppData\Local\Cfinusaneyulex.bin [2010/03/02 13:32:06 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.cat [2010/03/02 13:32:06 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.cat [2010/02/27 12:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\ironx86.sys [2010/02/27 12:23:54 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.cat [2010/02/27 12:23:54 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.inf [2010/02/27 12:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.sys [2010/02/27 12:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.sys [2010/02/27 12:23:21 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.inf [2010/02/27 12:23:21 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.inf [2010/02/26 09:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.sys [2010/02/26 03:54:56 | 000,007,396 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.cat [2010/02/19 20:23:07 | 000,646,954 | R--- | M] () -- C:\Users\pooter\Documents\shooting range.pdf [2010/02/17 18:04:11 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2010/02/17 18:04:11 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2010/02/17 18:04:11 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2010/02/17 17:56:55 | 000,000,489 | ---- | M] () -- C:\Windows\System32\Video .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | M] () -- C:\Windows\System32\Pictures .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | M] () -- 
C:\Windows\System32\Passwords .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | M] () -- C:\Windows\System32\New Folder .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | M] () -- C:\Windows\System32\Music .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | M] () -- C:\Windows\System32\Documents .lnk [2010/02/16 23:07:22 | 000,000,036 | ---- | M] () -- C:\Users\pooter\AppData\Local\housecall.guid.cache ========== Files Created - No Company Name ========== [2010/05/10 15:21:36 | 000,059,664 | ---- | C] () -- C:\Users\pooter\Desktop\mbam-clean.exe [2010/05/10 12:17:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/05/10 12:17:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/05/10 12:17:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/05/10 12:17:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/05/10 12:17:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/05/10 12:14:33 | 003,684,752 | R--- | C] () -- C:\Users\pooter\Desktop\ComboFix.exe [2010/05/10 08:07:58 | 000,293,376 | ---- | C] () -- C:\Users\pooter\Desktop\wpvt6lqq.exe [2010/05/10 07:59:54 | 000,525,824 | ---- | C] () -- C:\Users\pooter\Desktop\dds.scr [2010/05/10 07:44:59 | 000,000,176 | ---- | C] () -- C:\Users\pooter\defogger_reenable [2010/05/10 07:44:07 | 000,050,477 | ---- | C] () -- C:\Users\pooter\Desktop\Defogger.exe [2010/05/06 19:37:44 | 000,095,695 | ---- | C] () -- C:\Users\pooter\Desktop\wallpaper-160917.jpg [2010/05/06 19:37:34 | 000,918,753 | ---- | C] () -- C:\Users\pooter\Desktop\wallpaper-162413.jpg [2010/05/06 17:32:45 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Startup.cpl [2010/04/06 17:11:44 | 001,837,586 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB [2010/04/01 09:19:30 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.cat [2010/04/01 09:19:30 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.cat [2010/04/01 09:19:30 | 000,001,473 | ---- | C] 
() -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.inf [2010/04/01 09:19:30 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.inf [2010/04/01 09:19:29 | 000,007,444 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.cat [2010/04/01 09:19:29 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.cat [2010/04/01 09:19:29 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.cat [2010/04/01 09:19:29 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.cat [2010/04/01 09:19:29 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.cat [2010/04/01 09:19:29 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.cat [2010/04/01 09:19:29 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.inf [2010/04/01 09:19:29 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.inf [2010/04/01 09:19:29 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.inf [2010/04/01 09:19:29 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.inf [2010/04/01 09:19:29 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.inf [2010/04/01 09:19:29 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.inf [2010/04/01 09:19:09 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini [2010/02/19 20:23:07 | 000,646,954 | R--- | C] () -- C:\Users\pooter\Documents\shooting range.pdf [2010/02/17 18:04:24 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2010/02/17 18:04:24 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2010/02/17 17:56:55 | 000,000,489 | ---- | C] () -- C:\Windows\System32\Video .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | C] () -- 
C:\Windows\System32\Pictures .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | C] () -- C:\Windows\System32\Passwords .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | C] () -- C:\Windows\System32\Music .lnk [2010/02/17 17:56:55 | 000,000,489 | ---- | C] () -- C:\Windows\System32\Documents .lnk [2010/02/17 17:56:54 | 000,000,489 | ---- | C] () -- C:\Windows\System32\New Folder .lnk [2010/02/16 23:07:22 | 000,000,036 | ---- | C] () -- C:\Users\pooter\AppData\Local\housecall.guid.cache [2010/02/16 22:33:51 | 000,000,120 | ---- | C] () -- C:\Users\pooter\AppData\Local\Mtikimiqay.dat [2010/02/16 22:33:51 | 000,000,000 | ---- | C] () -- C:\Users\pooter\AppData\Local\Cfinusaneyulex.bin [2009/10/21 16:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/05/22 16:03:19 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009/05/22 16:03:12 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2009/05/22 16:03:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2009/05/22 16:03:11 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI [2009/05/22 16:01:42 | 000,000,313 | ---- | C] () -- C:\Windows\Brownie.ini [2009/05/02 23:59:07 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009/05/02 23:59:04 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009/05/02 23:59:04 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009/05/02 23:59:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/05/02 23:59:02 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/05/02 23:59:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009/05/02 17:12:20 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2009/05/02 17:12:20 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2009/05/02 17:12:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll [2009/05/02 17:12:20 | 000,004,608 | ---- | C] () -- 
C:\Windows\System32\HdmiCoin.dll
[2009/05/02 16:56:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2009/11/15 20:45:46 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\AChat
[2009/05/24 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\DAEMON Tools Lite
[2010/01/22 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\DeepBurner
[2010/04/15 21:44:40 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\FrostWire
[2010/05/05 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Movienizer
[2010/01/16 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Nokia
[2009/12/18 22:51:16 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\OpenOffice.org
[2010/01/16 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\PC Suite
[2009/05/24 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Pingus
[2010/02/16 22:59:13 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\QuickScan
[2009/07/03 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\SumatraPDF
[2010/05/05 21:05:28 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Tific
[2010/05/10 13:44:31 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\uTorrent
[2009/06/22 17:02:09 | 000,000,000 | ---D | M] -- C:\Users\pooter\AppData\Roaming\Vodafone
[2010/05/10 15:22:07 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/03 10:10:10 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/10 12:26:49 | 000,017,454 | ---- | M] () -- C:\ComboFix.txt
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/19 11:25:41 | 000,198,530 | ---- | M] () -- C:\CTMeasureTiming.ini
[2008/03/31 02:03:34 | 000,004,614 | RH-- | M] () -- C:\dell.sdr
[2010/05/10 15:22:51 | 3208,728,576 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/25 10:17:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/07 20:44:04 | 000,355,328 | ---- | M] () -- C:\list.xlr
[2009/03/25 10:17:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/10 15:22:50 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
[2009/11/16 20:50:50 | 000,016,926 | ---- | M] () -- C:\TreasureChestIcon.ico
[2009/11/18 21:47:02 | 000,000,156 | ---- | M] () -- C:\YServer.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 16:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 16:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 16:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/21 06:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 21:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 21:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 21:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/17 18:04:11 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/02/19 00:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 21:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:48081133
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
  10. Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4052
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 7.0.6002.18005
      10/05/2010 1:58:11 PM
      mbam-log-2010-05-10 (13-58-11).txt
      Scan type: Quick scan
      Objects scanned: 113727
      Time elapsed: 6 minute(s), 54 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  11. I removed those programs and restarted, but Norton still won't start and MBAM can't update.