Jump to content

PurpleShark

Honorary Members
 View Profile  See their activity

  • Posts

    40

  • Joined

  • Last visited

Reputation

0 Neutral
  1. PurpleShark
    ESET is now scanning the E drive, shall I stop it and carry out your next instructions or shall I let it keep scanning all the drives? Is H: a removable external drive? E, G & H are all removable external hard drives.
  2. PurpleShark
    Yes it found this last night... "Threats found! a variant of Java/Trojan downloader.OpenConnection.MU trojan"
  3. PurpleShark
    Ok, I`ll have to wait until the ESET has stopped scanning. It`s been going for 18 hours now & the blue bar isn`t even halfway across.
  4. PurpleShark
    OTL logfile created on: 12/05/2011 18:24:43 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 27.15 Gb Free Space | 18.22% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 117.18 Gb Free Space | 39.31% Space Free | Partition Type: NTFS Drive G: | 1397.26 Gb Total Space | 1071.61 Gb Free Space | 76.69% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 902.55 Gb Free Space | 96.89% Space Free | Partition Type: NTFS Computer Name: MUGGY | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2011/05/12 18:05:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2011/05/12 13:22:35 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/23 13:36:23 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe PRC - [2008/01/19 08:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe PRC - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ========== Modules (SafeList) ========== MOD - [2011/05/12 18:05:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe MOD - [2011/04/29 16:59:06 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll MOD - [2011/04/29 16:59:06 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll MOD - [2011/04/29 01:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS) SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2009/03/23 13:36:23 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) ========== Driver Services (SafeList) ========== DRV - [2011/05/11 13:14:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011/05/11 13:14:04 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/05/11 13:09:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/05/04 02:33:20 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110512.002\NAVEX15.SYS -- (NAVEX15) DRV - [2011/05/04 02:33:20 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110512.002\NAVENG.SYS -- (NAVENG) DRV - [2011/05/02 13:00:32 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169) DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP) DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/03/22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv) DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA) DRV - [2011/03/14 19:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110511.001\IDSvix86.sys -- (IDSVix86) DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS) DRV - [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON) DRV - [2010/12/02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2010/02/26 11:45:55 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka) DRV - [2009/04/14 03:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008/01/19 05:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/05/11 23:55:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/05/11 13:05:18 | 000,000,000 | ---D | M] [2011/03/29 16:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2011/03/29 16:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\home2@tomtom.com File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found O4 - HKLM..\RunOnceEx: [Title] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-gb/wlscctrl2.cab (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/15 10:52:18 | 000,000,080 | ---- | M] () - H:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{5315aa6d-48d5-11e0-a080-0019d138c5ad}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2009/01/16 08:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 1 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - ff_vfw.dll File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 90 Days ========== [2011/05/12 18:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/05/12 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011/05/11 23:42:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/05/11 13:09:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys [2011/05/11 13:09:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys [2011/05/11 13:09:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys [2011/05/11 13:09:10 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys [2011/05/11 13:09:05 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys [2011/05/11 13:09:03 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys [2011/05/11 13:09:03 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys [2011/05/11 13:05:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D [2011/05/10 06:41:09 | 000,000,000 | ---D | C] -- C:\NBRT [2011/05/09 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2011/05/09 21:04:19 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Norton [2011/05/09 20:32:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/05/09 20:26:56 | 000,100,736 | ---- | C] (GMER) -- C:\fxldypod.sys [2011/05/09 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics [2011/05/09 16:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/05/09 16:21:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DriverCure [2011/05/09 16:21:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ParetoLogic [2011/05/09 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2011/05/09 16:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011/05/09 16:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/05/09 14:33:03 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\My Council Tax Bills [2011/05/07 17:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe [2011/05/06 13:54:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011/05/06 12:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/05/06 12:34:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps [2011/05/05 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HpUpdate [2011/05/04 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NPE [2011/05/03 23:20:43 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011/05/03 23:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2011/05/03 23:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011/05/03 23:19:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS [2011/05/03 23:19:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2011/05/03 23:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security [2011/05/03 23:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011/05/03 23:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011/05/03 23:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011/05/02 13:43:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG [2011/05/02 11:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BA554000-D974-4295-8A8D-A8A8569D9619} [2011/05/01 00:02:50 | 000,028,672 | ---- | C] (Auralis, Inc.) -- C:\Windows\System32\ssconfig.exe [2011/04/30 14:30:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Player Classic [2011/04/30 14:28:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack [2011/04/30 14:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack [2011/04/29 20:35:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011/04/29 17:04:20 | 000,000,000 | ---D | C] -- C:\Windows\en [2011/04/29 16:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2011/04/29 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011/04/29 04:33:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinBatch [2011/04/29 03:51:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2011/04/28 01:38:00 | 000,000,000 | ---D | C] -- C:\CardRecovery [2011/04/25 21:30:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Trusteer [2011/04/25 16:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2011/04/19 21:02:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashRpt [2011/04/19 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Epitiro [2011/04/19 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Broadband Test Application [2011/04/19 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2011/04/18 21:46:11 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\CardRecovery [2011/04/18 20:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRecovery [2011/04/18 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\CardRecovery [2011/04/18 14:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2011/04/18 09:41:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2011/04/17 22:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2011/04/17 22:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations [2011/04/16 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\asoftech [2011/04/08 10:17:38 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/04/05 01:05:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live [2011/04/05 01:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2011/04/04 03:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2011/04/03 00:19:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2011/04/03 00:19:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2011/04/03 00:19:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2011/04/02 23:25:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011/03/29 16:10:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla [2011/03/28 22:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software [2011/03/28 22:25:26 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeD94E.dll [2011/03/28 22:25:20 | 000,114,600 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdm.sys [2011/03/28 22:25:20 | 000,109,736 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017unic.sys [2011/03/28 22:25:20 | 000,108,328 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mgmt.sys [2011/03/28 22:25:20 | 000,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017obex.sys [2011/03/28 22:25:20 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017bus.sys [2011/03/28 22:25:20 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017nd5.sys [2011/03/28 22:25:20 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdfl.sys [2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017whnt.sys [2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017wh.sys [2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cmnt.sys [2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cm.sys [2011/03/28 22:25:20 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cr.sys [2011/03/28 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/03/15 04:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011/03/14 23:12:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/03/13 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Leadertech [2011/03/09 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple [2011/03/07 20:36:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple Computer [2011/03/07 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe [2011/03/07 01:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/03/06 22:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/03/06 22:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/06 22:50:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/03/06 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/18 01:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2011/02/18 01:56:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVS4YOU [2011/02/18 01:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2011/02/13 13:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition ========== Files - Modified Within 90 Days ========== [2011/05/12 18:27:14 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000UA.job [2011/05/12 18:19:20 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/12 18:19:19 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/12 18:18:44 | 000,000,607 | ---- | M] () -- C:\Users\user\Desktop\esetsmartinstaller_enu - Shortcut.lnk [2011/05/12 18:12:57 | 000,000,506 | ---- | M] () -- C:\Users\user\Desktop\OTL - Shortcut.lnk [2011/05/12 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2011/05/12 14:20:04 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\IsposureAgent.job [2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Owjuyj.job [2011/05/12 14:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/05/12 13:27:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000Core.job [2011/05/12 06:50:20 | 002,107,882 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB [2011/05/11 23:54:08 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011/05/11 23:44:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/05/11 23:42:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/05/11 18:44:35 | 000,002,696 | ---- | M] () -- C:\{38CD17DF-A927-446C-880C-5B49FE2C7F81} [2011/05/11 15:12:53 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable [2011/05/11 13:09:23 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011/05/11 13:09:23 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011/05/11 13:09:23 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011/05/09 21:10:38 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/05/09 21:10:37 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/05/09 20:32:46 | 355,680,041 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/05/09 20:26:56 | 000,100,736 | ---- | M] (GMER) -- C:\fxldypod.sys [2011/05/07 17:11:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/05/07 17:11:29 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt [2011/05/07 17:11:29 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat [2011/05/07 15:59:30 | 000,018,432 | ---- | M] () -- C:\Users\user\Documents\NATIVE AMERICAN INDIAN WEDDING BLESSING.wps [2011/05/07 15:59:30 | 000,002,250 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2011/05/06 13:54:20 | 000,002,037 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2011/05/06 13:54:20 | 000,001,999 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/05/06 12:51:04 | 000,000,903 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/05/04 22:25:21 | 000,103,424 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/01 00:04:37 | 000,000,084 | ---- | M] () -- C:\Windows\WSST_Screen_Saver.ini [2011/05/01 00:04:15 | 002,909,820 | ---- | M] () -- C:\Windows\Blue Planet The Deep.dat [2011/05/01 00:04:15 | 000,466,944 | ---- | M] () -- C:\Windows\Blue Planet The Deep.scr [2011/05/01 00:04:15 | 000,180,224 | ---- | M] () -- C:\Windows\UninstallWSST.exe [2011/05/01 00:04:15 | 000,028,672 | ---- | M] (Auralis, Inc.) -- C:\Windows\System32\ssconfig.exe [2011/05/01 00:02:50 | 002,181,486 | ---- | M] () -- C:\Windows\Blue Planet.dat [2011/05/01 00:02:50 | 000,466,944 | ---- | M] () -- C:\Windows\Blue Planet.scr [2011/04/29 20:34:51 | 000,274,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/04/29 16:49:23 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011/04/29 16:49:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011/04/29 16:48:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011/04/29 04:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini [2011/04/19 21:02:13 | 000,000,296 | ---- | M] () -- C:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini [2011/04/18 21:43:48 | 000,000,511 | ---- | M] () -- C:\Users\Public\Desktop\CardRecovery.lnk [2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/04/05 02:29:26 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat [2011/04/05 02:25:18 | 000,007,454 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat [2011/04/05 02:25:18 | 000,007,450 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat [2011/04/04 03:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011/04/04 03:26:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011/03/31 04:04:12 | 000,007,877 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat [2011/03/31 04:04:12 | 000,007,458 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys [2011/03/31 04:00:09 | 000,001,389 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf [2011/03/31 04:00:09 | 000,001,383 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf [2011/03/28 22:25:26 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeD94E.dll [2011/03/28 18:57:30 | 000,001,854 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/03/28 18:36:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011/03/22 19:20:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011/03/22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys [2011/03/22 01:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys [2011/03/22 01:39:48 | 000,001,474 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.inf [2011/03/22 01:39:48 | 000,001,446 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys [2011/03/15 03:31:23 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf [2011/03/13 18:31:45 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2011/03/13 18:31:37 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2011/03/06 22:10:38 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2011/03/06 19:14:59 | 000,069,632 | RHS- | M] () -- C:\Windows\System32\wisptiso.dll [2011/02/23 16:20:54 | 000,002,048 | ---- | M] () -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator Prefs ========== Files Created - No Company Name ========== [2011/05/12 18:18:44 | 000,000,607 | ---- | C] () -- C:\Users\user\Desktop\esetsmartinstaller_enu - Shortcut.lnk [2011/05/12 18:12:57 | 000,000,506 | ---- | C] () -- C:\Users\user\Desktop\OTL - Shortcut.lnk [2011/05/11 23:50:23 | 002,107,882 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB [2011/05/11 18:44:35 | 000,002,696 | ---- | C] () -- C:\{38CD17DF-A927-446C-880C-5B49FE2C7F81} [2011/05/11 15:12:53 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable [2011/05/11 13:09:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat [2011/05/11 13:09:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat [2011/05/11 13:09:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat [2011/05/11 13:09:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf [2011/05/11 13:09:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.inf [2011/05/11 13:09:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf [2011/05/11 13:09:10 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.inf [2011/05/11 13:09:05 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat [2011/05/11 13:09:05 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf [2011/05/11 13:09:03 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat [2011/05/11 13:09:03 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat [2011/05/11 13:09:03 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf [2011/05/11 13:09:03 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.inf [2011/05/11 13:05:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.cat [2011/05/11 13:05:18 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini [2011/05/09 20:32:46 | 355,680,041 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/05/07 17:11:29 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat [2011/05/07 15:59:30 | 000,018,432 | ---- | C] () -- C:\Users\user\Documents\NATIVE AMERICAN INDIAN WEDDING BLESSING.wps [2011/05/06 13:54:20 | 000,002,037 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk [2011/05/06 13:54:20 | 000,001,999 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/05/06 13:52:45 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000UA.job [2011/05/06 13:52:44 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000Core.job [2011/05/03 23:55:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/05/03 23:20:43 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011/05/03 23:20:43 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011/05/03 23:20:32 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011/05/01 00:04:15 | 002,909,820 | ---- | C] () -- C:\Windows\Blue Planet The Deep.dat [2011/05/01 00:04:15 | 000,466,944 | ---- | C] () -- C:\Windows\Blue Planet The Deep.scr [2011/05/01 00:02:51 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini [2011/05/01 00:02:50 | 002,181,486 | ---- | C] () -- C:\Windows\Blue Planet.dat [2011/05/01 00:02:50 | 000,466,944 | ---- | C] () -- C:\Windows\Blue Planet.scr [2011/05/01 00:02:50 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe [2011/04/29 20:37:18 | 000,000,909 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/04/29 17:02:47 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011/04/29 16:48:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011/04/19 21:02:22 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\IsposureAgent.job [2011/04/19 21:01:56 | 000,000,296 | ---- | C] () -- C:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini [2011/04/18 20:54:07 | 000,000,511 | ---- | C] () -- C:\Users\Public\Desktop\CardRecovery.lnk [2011/04/17 22:21:07 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job [2011/04/04 03:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011/04/04 03:26:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011/03/28 18:57:30 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2011/03/28 18:57:30 | 000,001,854 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/03/28 18:36:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011/03/22 19:20:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011/03/14 23:24:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/03/14 23:24:23 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2011/03/14 23:11:01 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011/03/14 23:11:01 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011/03/14 23:11:01 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011/03/14 16:13:30 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011/03/14 16:13:27 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2011/03/14 16:13:20 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2011/03/14 16:13:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/03/14 16:13:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/03/14 16:13:15 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2011/03/14 16:13:11 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2011/03/14 16:12:54 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2011/03/14 16:12:52 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2011/03/14 16:12:05 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2011/03/14 16:11:54 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2011/03/06 19:14:59 | 000,069,632 | RHS- | C] () -- C:\Windows\System32\wisptiso.dll [2011/03/06 19:14:59 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Owjuyj.job [2011/03/06 13:12:55 | 000,202,053 | ---- | C] () -- C:\Windows\hpoins39.dat.temp [2011/03/06 13:12:55 | 000,000,703 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp [2010/12/08 02:09:15 | 000,002,048 | ---- | C] () -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator Prefs [2010/12/08 02:09:15 | 000,002,048 | ---- | C] () -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator Prefs (2) [2010/11/17 22:16:00 | 000,202,053 | ---- | C] () -- C:\Windows\hpoins39.dat [2010/11/17 22:16:00 | 000,000,703 | ---- | C] () -- C:\Windows\hpomdl39.dat [2010/02/21 04:11:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/03/23 13:36:24 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe [2009/01/21 01:13:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/01/06 02:10:36 | 000,029,982 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png [2009/01/06 02:10:36 | 000,029,982 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile (2).png [2009/01/06 01:01:02 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2009/01/06 01:01:02 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps (2).dat [2008/11/19 21:44:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008/10/09 21:18:28 | 000,002,250 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2008/10/09 21:18:28 | 000,002,104 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst (2).dat [2008/10/04 23:12:51 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys [2008/10/02 18:19:07 | 000,000,386 | ---- | C] () -- C:\Windows\AvDetected.ini [2008/10/02 00:35:23 | 000,103,424 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/01 12:05:32 | 000,066,752 | ---- | C] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1 (2).DAT [2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:44:53 | 000,274,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/12/08 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator [2011/03/06 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon [2011/04/16 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\asoftech [2011/05/02 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG [2010/02/18 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/02/27 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/05/09 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure [2011/03/06 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFileViewer [2011/03/13 23:09:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2011/05/09 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic [2011/03/06 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic [2011/03/06 20:17:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template [2009/01/23 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TomTom [2010/02/05 18:27:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Trusteer [2011/04/29 04:33:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch [2011/05/12 14:20:04 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\IsposureAgent.job [2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\Owjuyj.job [2011/05/12 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job [2011/05/12 14:15:29 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/05/04 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe [2010/12/08 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator [2011/03/06 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon [2010/02/19 12:33:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer [2011/04/16 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\asoftech [2011/05/02 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG [2011/02/18 01:59:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVS4YOU [2010/02/18 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/02/27 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/05/09 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure [2011/03/06 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFileViewer [2008/11/27 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Google [2010/05/19 17:58:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HP [2011/05/05 22:29:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate [2008/10/01 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities [2009/08/08 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Kodak [2011/03/13 23:09:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2008/10/01 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia [2008/10/02 22:26:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes [2011/04/30 14:30:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Player Classic [2011/05/04 17:58:37 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft [2011/03/29 16:10:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla [2011/05/09 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic [2011/03/06 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic [2011/04/25 18:34:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Corporation [2011/03/06 20:17:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template [2009/01/23 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TomTom [2010/02/05 18:27:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Trusteer [2011/04/29 04:33:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch [2010/05/19 00:49:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2010/01/23 22:04:42 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe [2011/02/04 00:17:50 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe [2011/04/29 15:22:03 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe [2011/03/29 16:12:33 | 020,391,528 | ---- | M] (TomTom International B.V.) -- C:\Users\user\AppData\Roaming\TomTom\HOME\Profiles\6wsc6f9x.default\Updates\v2_8_1_2218_win.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2006/11/22 15:55:53 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2006/11/22 15:55:53 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2006/11/22 15:55:53 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008/10/02 10:50:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/10/02 10:50:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/10/02 10:50:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVRAID.SYS > [2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys [2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys < MD5 for: NVSTOR.SYS > [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\system32\*.dll /lockedfiles > [2009/04/11 07:28:17 | 001,730,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\apds.dll [2011/03/06 19:14:59 | 000,069,632 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\wisptiso.dll < %systemroot%\Tasks\*.job /lockedfiles > [2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Owjuyj.job < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > [2011/02/22 14:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys [2011/02/22 14:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys [2011/02/22 14:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys [2011/02/22 14:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys [2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/02/18 15:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys [2011/02/18 15:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys [2011/02/18 15:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys [2011/05/11 13:09:23 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011/02/18 16:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > The ESET online scanner is still scanning, it has found "a variant of Java/Trojan downloader.OpenConnection.MU trojan"
  5. PurpleShark
    Are there any more computer connected to Internet through that router? No What is the brand and model of the router? Netgear for Sky Broadband OTL Extras logfile created on: 12/05/2011 18:24:43 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 27.15 Gb Free Space | 18.22% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 117.18 Gb Free Space | 39.31% Space Free | Partition Type: NTFS Drive G: | 1397.26 Gb Total Space | 1071.61 Gb Free Space | 76.69% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 902.55 Gb Free Space | 96.89% Space Free | Partition Type: NTFS Computer Name: MUGGY | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2DC634B4-7AA7-488A-AC47-B07F179E2A55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{82348B08-5732-442C-AC97-2B168C510B1C}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{90A87D2C-29CD-45A8-8537-FCB38379ADCA}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{B462E9AA-491A-44BB-A30D-71AF596553F4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{E74801F7-E731-4CFF-AA5B-7D340CEEC35B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006894C3-4795-4ED7-9B3C-642DF5C6A6D2}" = protocol=6 | dir=in | app=c:\program files\broadband test application\broadbandtestapp.exe | "{10B0CE40-1A99-4CA9-B717-80E92724D804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F4A50FA-FA80-4EF6-B8A5-0E9D4505FAB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2CA0C1FB-E98E-43D4-82C8-6754EEFB72AE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{305207F6-F0A0-4EA1-AC46-AB4269AB3C82}" = protocol=17 | dir=in | app=c:\program files\broadband test application\broadbandtestapp.exe | "{46E2C707-D8D8-4735-8940-DED30B891C95}" = dir=in | app=d:\setup\hpznui01.exe | "{495AB09D-3640-42DE-9681-71B82F5F3C77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{651A523B-4EF0-490C-81D4-79B124C620D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{7544EAD2-4F89-46A4-AE15-3186CC0DD0F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{781C9C2D-A19D-4DBF-AB51-E823F5BCB630}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9D2C35AA-A515-4FA1-B663-1C411F5BBAC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A5E3BC05-EF42-4231-914E-04B97733F44D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BEE1F800-C1DF-403E-8DEC-43D6794ABA4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{BFBB5088-AC06-4EC9-B52C-DA3D087D0ACD}" = dir=in | app=c:\program files\itunes\itunes.exe | "{DF1F60BD-911C-4E56-8109-B12701676F71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "TCP Query User{0775F036-054E-4146-81B9-041AD0A41269}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{43369BF7-D446-4292-8F46-A5483C479307}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{17F4D245-2BD8-43D4-A907-217917C3BF8C}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{D37A9E90-9ACF-4F80-B6E1-AE47759DCBB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 25 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}" = Broadband Test Application "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ESET Online Scanner" = ESET Online Scanner v3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "Rapport_msi" = Rapport "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [32-Bit] "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09/05/2011 15:45:06 | Computer Name = Muggy | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 09/05/2011 15:45:07 | Computer Name = Muggy | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 09/05/2011 16:13:25 | Computer Name = Muggy | Source = Application Hang | ID = 1002 Description = The program PhotoDownloader.exe version 3.0.0.1448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1664 Start Time: 01cc0e8488a5a77b Termination Time: 576 Error - 11/05/2011 11:35:54 | Computer Name = Muggy | Source = Perflib | ID = 1010 Description = Error - 11/05/2011 11:57:58 | Computer Name = Muggy | Source = Application Hang | ID = 1002 Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b70 Start Time: 01cc0fcfc6cac470 Termination Time: 173 Error - 11/05/2011 18:48:18 | Computer Name = Muggy | Source = Application Error | ID = 1000 Description = Faulting application _isB527.exe, version 12.0.0.58849, time stamp 0x45b1a378, faulting module _isB527.exe, version 12.0.0.58849, time stamp 0x45b1a378, exception code 0xc0000005, fault offset 0x0001e7b9, process id 0x20e4, application start time 0x01cc102d82d25950. Error - 11/05/2011 18:54:32 | Computer Name = Muggy | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11/05/2011 18:54:32 | Computer Name = Muggy | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12/05/2011 13:23:39 | Computer Name = Muggy | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.22.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 13c4 Start Time: 01cc10c7e92cd7cf Termination Time: 24 Error - 12/05/2011 13:44:36 | Computer Name = Muggy | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 09/05/2011 15:37:36 | Computer Name = Muggy | Source = LSM | ID = 1048 Description = Error - 09/05/2011 15:45:07 | Computer Name = Muggy | Source = LSM | ID = 1048 Description = Error - 09/05/2011 15:55:19 | Computer Name = Muggy | Source = LSM | ID = 1048 Description = Error - 11/05/2011 07:36:24 | Computer Name = Muggy | Source = LSM | ID = 1048 Description = Error - 11/05/2011 07:36:55 | Computer Name = Muggy | Source = PlugPlayManager | ID = 11 Description = The device Root\LEGACY_SMR162\0000 disappeared from the system without first being prepared for removal. Error - 11/05/2011 08:19:39 | Computer Name = Muggy | Source = Service Control Manager | ID = 7011 Description = Error - 11/05/2011 13:13:41 | Computer Name = Muggy | Source = Service Control Manager | ID = 7011 Description = Error - 11/05/2011 18:54:13 | Computer Name = Muggy | Source = LSM | ID = 1048 Description = Error - 11/05/2011 22:35:51 | Computer Name = Muggy | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.2 for the Network Card with network address 0019D138C5AD has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). Error - 12/05/2011 09:19:53 | Computer Name = Muggy | Source = LSM | ID = 1048 Description = < End of report >
  6. PurpleShark
    I`m not being redirected every time, but it is still happening. The new pages are still very slow to load though. I`m connected through a router. Is there anything else I can do to get it working properly again? I`ve restarted the computer in `normal mode` but I still have the white taskbar at the bottom of the screen and the grey shading around the outside of the notepad pages. Is that something I need to change on the actual system now?
  7. PurpleShark
    Is this a multiboot system? Not as far as I am aware. I have had to connect several external hard drives as I did not have enough memory on my C drive to store photos etc. It runs on Vista now, not XP. When I click on the Bootfile exe on my desktop, it says `unsupported file` in a black text box & doesn`t do anything else. http://www.virustotal.com/file-scan/report.html?id=f07e8b5d1c455cf0303498cf81cbab56f158301dc04d6bd346bc34dcc0a5d7a6-1305201607 http://www.virustotal.com/file-scan/report.html?id=63bb8bb65906b9bf216b56ef3786d08c2ea87cbe938382d49d1b2f65a00c562f-1305202135 http://www.virustotal.com/file-scan/report.html?id=49e5e18980344912ccf8bb99be6508169fdd5422cb2f230d6defb971c3cfb48e-1305202255 http://www.virustotal.com/file-scan/report.html?id=867e851c0dbcd993e6c7c7a8e472769cf519ca368ce395b5e2a1265ca0678a48-1305201897 MBRbckp0.zip
  8. PurpleShark
    Yes, if you mean did I create the Notepad document & copy/paste the details.
  9. PurpleShark
    Ok, I`ve done that and run as admin but it just comes up with a box saying Windows Command Processor then when I click on Run, it flashes a black box very quickly onto the screen, but that doesn`t stay on screen. I do appreciate all your help with this.
  10. PurpleShark
    Save this as bmbr.bat Choose to "Save type as - All Files" Save it on your desktop. It should look like this: Double click on mbmr.bat & allow it to run It has 2 blue wheel like icons on the desktop, it doesn`t look like your picture.
  11. PurpleShark
    http://www.virustotal.com/file-scan/report.html?id=f07e8b5d1c455cf0303498cf81cbab56f158301dc04d6bd346bc34dcc0a5d7a6-1305197992
  12. PurpleShark
    . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft
  13. PurpleShark
    Antivirus Version Last Update Result AhnLab-V3 2011.05.12.00 2011.05.11 - AntiVir 7.11.7.249 2011.05.12 - Antiy-AVL 2.0.3.7 2011.05.12 - Avast 4.8.1351.0 2011.05.11 - Avast5 5.0.677.0 2011.05.11 - AVG 10.0.0.1190 2011.05.12 - BitDefender 7.2 2011.05.12 - CAT-QuickHeal 11.00 2011.05.12 - ClamAV 0.97.0.0 2011.05.12 - Commtouch 5.3.2.6 2011.05.12 - Comodo 8672 2011.05.12 - DrWeb 5.0.2.03300 2011.05.12 - eSafe 7.0.17.0 2011.05.11 - eTrust-Vet 36.1.8323 2011.05.12 - F-Prot 4.6.2.117 2011.05.12 - F-Secure 9.0.16440.0 2011.05.12 - Fortinet 4.2.257.0 2011.05.12 - GData 22 2011.05.12 - Ikarus T3.1.1.103.0 2011.05.12 - Jiangmin 13.0.900 2011.05.11 - K7AntiVirus 9.103.4624 2011.05.11 - Kaspersky 9.0.0.837 2011.05.11 - McAfee 5.400.0.1158 2011.05.12 - McAfee-GW-Edition 2010.1D 2011.05.12 - Microsoft 1.6802 2011.05.12 - NOD32 6115 2011.05.12 - Norman 6.07.07 2011.05.12 - nProtect 2011-05-12.01 2011.05.12 - Panda 10.0.3.5 2011.05.11 - PCTools 7.0.3.5 2011.05.12 - Prevx 3.0 2011.05.12 - Rising 23.57.02.05 2011.05.11 - Sophos 4.65.0 2011.05.12 - SUPERAntiSpyware 4.40.0.1006 2011.05.12 - Symantec 20101.3.2.89 2011.05.12 - TheHacker 6.7.0.1.195 2011.05.11 - TrendMicro 9.200.0.1012 2011.05.12 - TrendMicro-HouseCall 9.200.0.1012 2011.05.12 - VBA32 3.12.16.0 2011.05.12 - VIPRE 9258 2011.05.12 - ViRobot 2011.5.12.4455 2011.05.12 - VirusBuster 13.6.349.0 2011.05.11 - Additional informationShow all MD5 : 4abf18f18a86a11b75f0234e206f5870 SHA1 : a6a572e4a843e3851de653dc82e02469d654051d SHA256: f07e8b5d1c455cf0303498cf81cbab56f158301dc04d6bd346bc34dcc0a5d7a6
  14. PurpleShark
  15. PurpleShark
    Step 2. MBR backup: Open notepad and copy/paste the text in the codebox below into it: MBRCheck -s 0 -d MBRbckp0.dat MBRCheck -s 2 -d MBRbckp2.dat MBRCheck -s 3 -d MBRbckp3.dat MBRCheck -s 4 -d MBRbckp4.dat del 0% Save this as bmbr.bat Choose to "Save type as - All Files" Save it on your desktop. It should look like this: Double click on mbmr.bat & allow it to run Four files MBRbckp0.dat, MBRbckp2.dat, MBRbckp3.dat and MBRbckp4.dat will be created on your desktop. Zip the files and attach that zipped file in a reply. I`ve saved this to the desktop & double-clicked it but it doesn`t do anything & there aren`t four files being created on the desktop.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.