
Tr.Generic?

  • 28-10-2009 11:22am
    #1
    Closed Accounts Posts: 135 ✭✭


    Can anybody help me out with this?
    I've been trying to clean up my son's laptop for ages but I've gone as far as I can on my own.
    I've run Kaspersky, HJT and combofix but there are still messages coming up saying there is a trojan in there somewhere.
    I don't have the exact name of it at the moment but it was something like TR.Generic.
    I will post the HJT log from today.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:17:05, on 28/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Wireless LAN USB Dongle.lnk = C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jes\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    --
    End of file - 5677 bytes


Comments

  • Closed Accounts Posts: 135 ✭✭Pacha


    Something I forgot to mention.
    There were 4 entries for talktalk security in the HJT log before and we couldn't get rid of them. 3 are gone now but one is still there.
    We don't use talktalk security on this computer and there seems to be no way of uninstalling it.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do you have the combofix log?


  • Closed Accounts Posts: 135 ✭✭Pacha


    No, I don't seem to have the log any more.
    I just tried to run combofix again to get a new one and the antivirus tried to block it, saying it was HIDDENEXT/Crypted.
    Then I got a message saying:

    'not safe to continue
    the combofix package has been compromised.
    you may be infected with a file patching virus 'Virut'

    I am just about to go out but will be back soon to continue with this.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this:

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any
    "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.


  • Closed Accounts Posts: 135 ✭✭Pacha


    Thanks a lot. I wasn't sure what to do next.
    It's been scanning for ages and we're still only up to programme files. :rolleyes:


  • Closed Accounts Posts: 135 ✭✭Pacha


    GMER 1.0.15.15163 - http://www.gmer.net
    Rootkit scan 2009-10-28 21:59:19
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Jes\LOCALS~1\Temp\pxtdypod.sys

    ---- System - GMER 1.0.15 ----
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateProcess [0xF9F7E614]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateProcessEx [0xF9F7E6A8]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateSection [0xF9F7E01A]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwWriteVirtualMemory [0xF9F7DEE2]
    Code \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) IoCreateDevice
    ---- Kernel code sections - GMER 1.0.15 ----
    PAGE ntoskrnl.exe!IoCreateDevice 8059FA62 5 Bytes JMP F9F7CFA4 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisRegisterProtocol F9CAB17F 5 Bytes JMP F9F7CC37 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisOpenAdapter F9CAB399 5 Bytes JMP F9F7CE88 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisCloseAdapter F9CB5642 5 Bytes JMP F9F7CEB8 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisDeregisterProtocol F9CB5821 5 Bytes JMP F9F7CC9E \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisReturnPackets F9CB8810 5 Bytes JMP F9F80FE6 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisRequest F9CB897B 5 Bytes JMP F9F7F448 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSend F9CBB986 5 Bytes JMP F9F812AA \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSendPackets F9CBB9A3 5 Bytes JMP F9F8137C \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisTransferData F9CBB9BE 5 Bytes JMP F9F81108 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \FileSystem\Fastfat \Fat F5356D20
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.trspch tssoft32.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.I420 msh263.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv31 ir32_32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv32 ir32_32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv41 ir41_32.ax
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iyuv iyuv_32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.uyvy msyuv.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yuy2 msyuv.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvu9 tsbyuv.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvyu msyuv.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg723 msg723.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M263 msh263.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M261 msh261.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msaudio1 msaud32.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.sl_anet sl_anet.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.iac2 C:\WINDOWS\system32\iac25_32.ax
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv50 ir50_32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\WINDOWS\system32\l3codeca.acm
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wave rdpsnd.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@mixer rdpsnd.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@MaxBandwidth 22201
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wavemapper msacm32.drv
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@EnableMP3Codec 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@midimapper midimap.dll
    ---- Files - GMER 1.0.15 ----
    File C:\WINDOWS\I386\Critical Updates\KB896256-Nov 05\x86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB896256-Nov 05\x86\ENU\WindowsXP-KB896256-v3-x86-ENU.exe 2583280 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB896424-Nov 05\x86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB896424-Nov 05\x86\ENU\WINDOWSXP-KB896424-X86-ENU.EXE 2594032 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB902400-Oct 05\X86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB902400-Oct 05\X86\ENU\WindowsXP-KB902400-x86-ENU.exe 4934896 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB904706-Oct 05\DX8-WXP\X86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB904706-Oct 05\DX8-WXP\X86\ENU\WindowsXP-KB904706-x86-ENU.exe 1393392 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB904706-Oct 05\DX9-WXP\X86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB904706-Oct 05\DX9-WXP\X86\ENU\WindowsXP-KB904706-DX9-x86-ENU.exe 986376 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB905414-Oct 05\X86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB905414-Oct 05\X86\ENU\WindowsXP-KB905414-x86-ENU.exe 621296 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB905749-Oct 05\X86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB905749-Oct 05\X86\ENU\WindowsXP-KB905749-x86-ENU.exe 582384 bytes executable
    File C:\WINDOWS\I386\Critical Updates\KB906569-Oct 05\x86\ENU 0 bytes
    File C:\WINDOWS\I386\Critical Updates\KB906569-Oct 05\x86\ENU\WindowsXP-KB906569-v2-x86-ENU.exe 559856 bytes executable
    File C:\WINDOWS\I386\Critical Updates\OCA-Dec 05\OCA-x86-ENU\files\HistoryToolTest.exe 8192 bytes executable
    File C:\WINDOWS\I386\Critical Updates\OCA-Dec 05\OCA-x86-ENU\files\ocaclient.h 4789 bytes
    File C:\WINDOWS\I386\Critical Updates\OCA-Dec 05\OCA-x86-ENU\files\OcaHistory.dll 54784 bytes executable
    File C:\WINDOWS\I386\Critical Updates\OCA-Dec 05\OCA-x86-ENU\files\OcaHistory.lib 2318 bytes
    File C:\WINDOWS\I386\Critical Updates\OCA-Dec 05\OCA-x86-ENU\files\readme.txt 1591 bytes
    File C:\WINDOWS\I386\LANG\A15.TB_ 1444 bytes
    File C:\WINDOWS\I386\LANG\A234.TB_ 33257 bytes
    File C:\WINDOWS\I386\LANG\ACODE.TB_ 41606 bytes
    File C:\WINDOWS\I386\LANG\APP932.FO_ 20721 bytes
    File C:\WINDOWS\I386\LANG\APP936.FO_ 19599 bytes
    File C:\WINDOWS\I386\LANG\APP949.FO_ 18403 bytes
    File C:\WINDOWS\I386\LANG\APP950.FO_ 19601 bytes
    File C:\WINDOWS\I386\LANG\ARPHR.TB_ 81026 bytes
    File C:\WINDOWS\I386\LANG\ARPTR.TB_ 7338 bytes
    File C:\WINDOWS\I386\LANG\ARRAY30.TA_ 98846 bytes
    File C:\WINDOWS\I386\LANG\ARRAYHW.TA_ 8414 bytes
    File C:\WINDOWS\I386\LANG\BATANG.TT_ 5679597 bytes
    File C:\WINDOWS\I386\LANG\C8514FIX.FO_ 2535 bytes
    File C:\WINDOWS\I386\LANG\C8514OEM.FO_ 2827 bytes
    File C:\WINDOWS\I386\LANG\C8514SYS.FO_ 2901 bytes
    File C:\WINDOWS\I386\LANG\CHAJEI.IM_ 34929 bytes
    File C:\WINDOWS\I386\LANG\CHSBRKR.DL_ 647526 bytes
    File C:\WINDOWS\I386\LANG\CHTAPT.CH_ 101631 bytes
    File C:\WINDOWS\I386\LANG\CHTAPT.HL_ 67929 bytes
    File C:\WINDOWS\I386\LANG\CHTBRKR.DL_ 298948 bytes
    File C:\WINDOWS\I386\LANG\CHTMBX.DL_ 47305 bytes
    File C:\WINDOWS\I386\LANG\CHTPADEN.CH_ 101067 bytes
    File C:\WINDOWS\I386\LANG\CHTSKDIC.DI_ 134635 bytes
    File C:\WINDOWS\I386\LANG\CHTSKDIC.DL_ 14559 bytes
    File C:\WINDOWS\I386\LANG\CHTSKF.DL_ 110237 bytes
    File C:\WINDOWS\I386\LANG\CINTIME.DL_ 103418 bytes
    File C:\WINDOWS\I386\LANG\CINTLGB.IM_ 380298 bytes
    File C:\WINDOWS\I386\LANG\CINTLGD.IM_ 197086 bytes
    File C:\WINDOWS\I386\LANG\CINTLGIE.IM_ 240843 bytes
    File C:\WINDOWS\I386\LANG\CINTLGL.IM_ 20314 bytes
    File C:\WINDOWS\I386\LANG\CINTLGNT.CH_ 37395 bytes
    File C:\WINDOWS\I386\LANG\CINTLGNT.CN_ 203 bytes
    File C:\WINDOWS\I386\LANG\CINTLGNT.HL_ 1937 bytes
    File C:\WINDOWS\I386\LANG\CINTLGNT.IM_ 6377 bytes
    File C:\WINDOWS\I386\LANG\CINTLGS.IM_ 1274 bytes
    File C:\WINDOWS\I386\LANG\CINTLGSI.IM_ 100421 bytes
    File C:\WINDOWS\I386\LANG\CINTLGU.IM_ 86954 bytes
    File C:\WINDOWS\I386\LANG\CINTSETP.EX_ 168685 bytes
    File C:\WINDOWS\I386\LANG\CJHLPEN.CH_ 27452 bytes
    File C:\WINDOWS\I386\LANG\CJHLPEN.CN_ 216 bytes
    File C:\WINDOWS\I386\LANG\CJHLPEN.HL_ 2918 bytes
    File C:\WINDOWS\I386\LANG\CPLEXE.EX_ 19783 bytes
    File C:\WINDOWS\I386\LANG\CVGAFIX.FO_ 2014 bytes
    File C:\WINDOWS\I386\LANG\CVGASYS.FO_ 2412 bytes
    File C:\WINDOWS\I386\LANG\DAYI.IM_ 35561 bytes
    File C:\WINDOWS\I386\LANG\DAYIPHR.TB_ 454 bytes
    File C:\WINDOWS\I386\LANG\DAYIPTR.TB_ 594 bytes
    File C:\WINDOWS\I386\LANG\FTLX0411.DL_ 3407 bytes
    File C:\WINDOWS\I386\LANG\GULIM.TT_ 3997554 bytes
    File C:\WINDOWS\I386\LANG\H8514FIX.FO_ 2479 bytes
    File C:\WINDOWS\I386\LANG\H8514OEM.FO_ 3083 bytes
    File C:\WINDOWS\I386\LANG\H8514SYS.FO_ 2801 bytes
    File C:\WINDOWS\I386\LANG\HANJA.LE_ 57766 bytes
    File C:\WINDOWS\I386\LANG\HANJADIC.DL_ 19319 bytes
    File C:\WINDOWS\I386\LANG\HVGAFIX.FO_ 1976 bytes
    File C:\WINDOWS\I386\LANG\HWXCHT.DL_ 6691525 bytes
    File C:\WINDOWS\I386\LANG\HWXJPN.DL_ 8422595 bytes
    File C:\WINDOWS\I386\LANG\HWXKOR.DL_ 6399501 bytes
    File C:\WINDOWS\I386\LANG\IMEKR.LE_ 95774 bytes
    File C:\WINDOWS\I386\LANG\IMEKR61.IM_ 40164 bytes
    File C:\WINDOWS\I386\LANG\IMEKRCIC.DL_ 43747 bytes
    File C:\WINDOWS\I386\LANG\IMEKRMBX.DL_ 41565 bytes
    File C:\WINDOWS\I386\LANG\IMEKRMIG.EX_ 24627 bytes
    File C:\WINDOWS\I386\LANG\IMEPADEN.HL_ 59581 bytes
    File C:\WINDOWS\I386\LANG\IMEPADSM.DL_ 41261 bytes
    File C:\WINDOWS\I386\LANG\IMEPADSV.EX_ 103857 bytes
    File C:\WINDOWS\I386\LANG\IMJP81.IM_ 128815 bytes
    File C:\WINDOWS\I386\LANG\IMJP81K.DL_ 344902 bytes
    File C:\WINDOWS\I386\LANG\IMJPCD.DI_ 80205 bytes
    File C:\WINDOWS\I386\LANG\IMJPCH.DI_ 17079 bytes
    File C:\WINDOWS\I386\LANG\IMJPCIC.DL_ 141584 bytes
    File C:\WINDOWS\I386\LANG\IMJPCL.CH_ 1067917 bytes
    File C:\WINDOWS\I386\LANG\IMJPCL.HL_ 313995 bytes
    File C:\WINDOWS\I386\LANG\IMJPCLE.HL_ 325018 bytes
    File C:\WINDOWS\I386\LANG\IMJPCUS.DL_ 113688 bytes
    File C:\WINDOWS\I386\LANG\IMJPDADM.EX_ 20793 bytes
    File C:\WINDOWS\I386\LANG\IMJPDCT.DL_ 29662 bytes
    File C:\WINDOWS\I386\LANG\IMJPDCT.EX_ 108552 bytes
    File C:\WINDOWS\I386\LANG\IMJPDSVR.EX_ 57937 bytes
    File C:\WINDOWS\I386\LANG\IMJPDT.CH_ 1027669 bytes
    File C:\WINDOWS\I386\LANG\IMJPDTE.CH_ 962508 bytes
    File C:\WINDOWS\I386\LANG\IMJPGN.GR_ 77951 bytes
    File C:\WINDOWS\I386\LANG\IMJPINST.EX_ 76627 bytes
    File C:\WINDOWS\I386\LANG\IMJPINST.IN_ 1925 bytes
    File C:\WINDOWS\I386\LANG\IMJPLN.DI_ 523387 bytes
    File C:\WINDOWS\I386\LANG\IMJPMIG.EX_ 77896 bytes
    File C:\WINDOWS\I386\LANG\IMJPNM.DI_ 5437499 bytes
    File C:\WINDOWS\I386\LANG\IMJPPD.CH_ 1027121 bytes
    File C:\WINDOWS\I386\LANG\IMJPRW.EX_ 88015 bytes
    File C:\WINDOWS\I386\LANG\IMJPSB.DI_ 60351 bytes
    File C:\WINDOWS\I386\LANG\IMJPSM.CH_ 766571 bytes
    File C:\WINDOWS\I386\LANG\IMJPSME.CH_ 817728 bytes
    File C:\WINDOWS\I386\LANG\IMJPSME.HL_ 245212 bytes
    File C:\WINDOWS\I386\LANG\IMJPST.DI_ 8614079 bytes
    File C:\WINDOWS\I386\LANG\IMJPTK.DI_ 388105 bytes
    File C:\WINDOWS\I386\LANG\IMJPTU.CH_ 495555 bytes
    File C:\WINDOWS\I386\LANG\IMJPUEX.EX_ 12270 bytes
    File C:\WINDOWS\I386\LANG\IMJPUTY.EX_ 90012 bytes
    File C:\WINDOWS\I386\LANG\IMJPUTYC.DL_ 92977 bytes
    File C:\WINDOWS\I386\LANG\IMJPZP.DI_ 3392023 bytes
    File C:\WINDOWS\I386\LANG\IMKR61.CH_ 58419 bytes
    File C:\WINDOWS\I386\LANG\IMKR61.HL_ 6067 bytes
    File C:\WINDOWS\I386\LANG\IMKREN61.CH_ 59441 bytes
    File C:\WINDOWS\I386\LANG\IMKREN61.HL_ 6511 bytes
    File C:\WINDOWS\I386\LANG\IMKRINST.EX_ 32633 bytes
    File C:\WINDOWS\I386\LANG\IMKRINST.IN_ 1595 bytes
    File C:\WINDOWS\I386\LANG\IMLANG.DL_ 41083 bytes
    File C:\WINDOWS\I386\LANG\IMPDKO61.CH_ 64351 bytes
    File C:\WINDOWS\I386\LANG\IMSCINST.EX_ 28139 bytes
    File C:\WINDOWS\I386\LANG\CHTAPTEN.HL_ 65059 bytes
    File C:\WINDOWS\I386\LANG\CINTLGUC.IM_ 98317 bytes
    File C:\WINDOWS\I386\LANG\HVGASYS.FO_ 2328 bytes
    File C:\WINDOWS\I386\LANG\IMJPCLE.CH_ 1010226 bytes
    File C:\WINDOWS\I386\LANG\IMJPSM.HL_ 180809 bytes
    File C:\WINDOWS\I386\LANG\IMSKDIC.DL_ 213462 bytes
    File C:\WINDOWS\I386\LANG\MSIR3JP.DL_ 50040 bytes
    File C:\WINDOWS\I386\LANG\PHONCODE.TB_ 41985 bytes
    File C:\WINDOWS\I386\LANG\PINTLPAE.CH_ 48861 bytes
    File C:\WINDOWS\I386\LANG\TINTLPHR.EX_ 20507 bytes
    File C:\WINDOWS\I386\LANG\IMSKF.DL_ 161686 bytes
    File C:\WINDOWS\I386\LANG\J8514FIX.FO_ 2569 bytes
    File C:\WINDOWS\I386\LANG\J8514OEM.FO_ 2817 bytes
    File C:\WINDOWS\I386\LANG\J8514SYS.FO_ 3047 bytes
    File C:\WINDOWS\I386\LANG\JPNPADEN.CH_ 962699 bytes
    File C:\WINDOWS\I386\LANG\JSMALLE.FO_ 11640 bytes
    File C:\WINDOWS\I386\LANG\JSMALLF.FO_ 12500 bytes
    File C:\WINDOWS\I386\LANG\JVGAFIX.FO_ 1874 bytes
    File C:\WINDOWS\I386\LANG\JVGASYS.FO_ 2396 bytes
    File C:\WINDOWS\I386\LANG\KORPADEN.CH_ 45691 bytes
    File C:\WINDOWS\I386\LANG\KORWBRKR.DL_ 26745 bytes
    File C:\WINDOWS\I386\LANG\KORWBRKR.LE_ 692187 bytes
    File C:\WINDOWS\I386\LANG\LCPHRASE.TB_ 108359 bytes
    File C:\WINDOWS\I386\LANG\LCPTR.TB_ 14492 bytes
    File C:\WINDOWS\I386\LANG\MINGLIU.TT_ 4545568 bytes
    File C:\WINDOWS\I386\LANG\MINIIME.TP_ 3320 bytes
    File C:\WINDOWS\I386\LANG\MSDAYI.TB_ 89521 bytes
    File C:\WINDOWS\I386\LANG\MSGOTHIC.TT_ 3280165 bytes
    File C:\WINDOWS\I386\LANG\MSIR3JP.LE_ 698666 bytes
    File C:\WINDOWS\I386\LANG\MSMINCHO.TT_ 3937475 bytes
    File C:\WINDOWS\I386\LANG\MULTIBOX.DL_ 92565 bytes
    File C:\WINDOWS\I386\LANG\NOISE.CH_ 714 bytes
    File C:\WINDOWS\I386\LANG\NOISE.JP_ 738 bytes
    File C:\WINDOWS\I386\LANG\NOISE.KO_ 540 bytes
    File C:\WINDOWS\I386\LANG\PADRS404.DL_ 5319 bytes
    File C:\WINDOWS\I386\LANG\PADRS411.DL_ 6669 bytes
    File C:\WINDOWS\I386\LANG\PADRS412.DL_ 4307 bytes
    File C:\WINDOWS\I386\LANG\PADRS804.DL_ 5229 bytes
    File C:\WINDOWS\I386\LANG\PHHLP.CH_ 100556 bytes
    File C:\WINDOWS\I386\LANG\PHHLP.CN_ 196 bytes
    File C:\WINDOWS\I386\LANG\PHHLP.HL_ 41728 bytes
    File C:\WINDOWS\I386\LANG\PHHLPEN.CH_ 152544 bytes
    File C:\WINDOWS\I386\LANG\PHHLPEN.CN_ 216 bytes
    File C:\WINDOWS\I386\LANG\PHHLPEN.HL_ 68600 bytes
    File C:\WINDOWS\I386\LANG\PHON.IM_ 35327 bytes
    File C:\WINDOWS\I386\LANG\PHON.TB_ 1821 bytes
    File C:\WINDOWS\I386\LANG\PHONPTR.TB_ 2814 bytes
    File C:\WINDOWS\I386\LANG\PINTLCSA.DL_ 110545 bytes
    File C:\WINDOWS\I386\LANG\PINTLCSD.DI_ 89213 bytes
    File C:\WINDOWS\I386\LANG\PINTLCSD.DL_ 12801 bytes
    File C:\WINDOWS\I386\LANG\PINTLCSK.DI_ 186823 bytes
    File C:\WINDOWS\I386\LANG\PINTLGC.IM_ 137132 bytes
    File C:\WINDOWS\I386\LANG\PINTLGD.IM_ 523956 bytes
    File C:\WINDOWS\I386\LANG\PINTLGDX.IM_ 567765 bytes
    File C:\WINDOWS\I386\LANG\PINTLGI.IM_ 508776 bytes
    File C:\WINDOWS\I386\LANG\PINTLGIX.IM_ 551493 bytes
    File C:\WINDOWS\I386\LANG\PINTLGL.IM_ 160828 bytes
    File C:\WINDOWS\I386\LANG\PINTLGNE.CH_ 106947 bytes
    File C:\WINDOWS\I386\LANG\PINTLGNT.CH_ 89129 bytes
    File C:\WINDOWS\I386\LANG\PINTLGNT.IM_ 227911 bytes
    File C:\WINDOWS\I386\LANG\PINTLGR.IM_ 237730 bytes
    File C:\WINDOWS\I386\LANG\PINTLGS.IM_ 7026072 bytes
    File C:\WINDOWS\I386\LANG\PINTLPAD.CH_ 65841 bytes
    File C:\WINDOWS\I386\LANG\PINTLPAD.HL_ 3867 bytes
    File C:\WINDOWS\I386\LANG\PINTLPAE.HL_ 4269 bytes
    File C:\WINDOWS\I386\LANG\PINTLPHR.EX_ 34535 bytes
    File C:\WINDOWS\I386\LANG\PMIGRATE.DL_ 26823 bytes
    File C:\WINDOWS\I386\LANG\QUICK.IM_ 34618 bytes
    File C:\WINDOWS\I386\LANG\ROMANIME.IM_ 11061 bytes
    File C:\WINDOWS\I386\LANG\S8514FIX.FO_ 2481 bytes
    File C:\WINDOWS\I386\LANG\S8514OEM.FO_ 3111 bytes
    File C:\WINDOWS\I386\LANG\S8514SYS.FO_ 2899 bytes
    File C:\WINDOWS\I386\LANG\SIMHEI.TT_ 4762195 bytes
    File C:\WINDOWS\I386\LANG\SIMSUN.TT_ 5321389 bytes
    File C:\WINDOWS\I386\LANG\SOFTKEY.DL_ 59128 bytes
    File C:\WINDOWS\I386\LANG\SVGAFIX.FO_ 1972 bytes
    File C:\WINDOWS\I386\LANG\SVGASYS.FO_ 2412 bytes
    File C:\WINDOWS\I386\LANG\TINTLGC.IM_ 125566 bytes
    File C:\WINDOWS\I386\LANG\TINTLGD_.IM_ 196777 bytes
    File C:\WINDOWS\I386\LANG\TINTLGL.IM_ 294698 bytes
    File C:\WINDOWS\I386\LANG\TINTLGNT.IM_ 208741 bytes
    File C:\WINDOWS\I386\LANG\TINTLGS.IM_ 818146 bytes
    File C:\WINDOWS\I386\LANG\TINTSETP.EX_ 9231 bytes
    File C:\WINDOWS\I386\LANG\TMIGRATE.DL_ 5255 bytes
    File C:\WINDOWS\I386\LANG\UNICDIME.IM_ 28293 bytes
    File C:\WINDOWS\I386\LANG\UNIIME.DL_ 34837 bytes
    File C:\WINDOWS\I386\LANG\VGA932.FO_ 2067 bytes
    File C:\WINDOWS\I386\LANG\VGA936.FO_ 2463 bytes
    File C:\WINDOWS\I386\LANG\VGA949.FO_ 2491 bytes
    File C:\WINDOWS\I386\LANG\VGA950.FO_ 2463 bytes
    File C:\WINDOWS\I386\LANG\VOICEENG.CH_ 64561 bytes
    File C:\WINDOWS\I386\LANG\VOICEJP.CH_ 63078 bytes
    File C:\WINDOWS\I386\LANG\VOICEPAD.DL_ 173283 bytes
    File C:\WINDOWS\I386\LANG\VOICESUB.DL_ 34949 bytes
    File C:\WINDOWS\I386\LANG\WINAR30.IM_ 35416 bytes
    File C:\WINDOWS\I386\LANG\WINGB.CH_ 44326 bytes
    File C:\WINDOWS\I386\LANG\WINGB.IM_ 31792 bytes
    File C:\WINDOWS\I386\LANG\WINIME.CH_ 165031 bytes
    File C:\WINDOWS\I386\LANG\WINIME.IM_ 28813 bytes
    File C:\WINDOWS\I386\LANG\WINPY.CH_ 32370 bytes
    File C:\WINDOWS\I386\LANG\WINPY.IM_ 51624 bytes
    File C:\WINDOWS\I386\LANG\WINPY.MB_ 343321 bytes
    File C:\WINDOWS\I386\LANG\WINSP.CH_ 37740 bytes
    File C:\WINDOWS\I386\LANG\WINSP.IM_ 51624 bytes
    File C:\WINDOWS\I386\LANG\WINSP.MB_ 311147 bytes
    File C:\WINDOWS\I386\LANG\WINZM.CH_ 151662 bytes
    File C:\WINDOWS\I386\LANG\WINZM.IM_ 51644 bytes
    File C:\WINDOWS\I386\LANG\WINZM.MB_ 314675 bytes
    File C:\WINDOWS\$NtUninstallKB961503$\spuninst 0 bytes
    ---- EOF - GMER 1.0.15 ----


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hi

    Download OTL to your Desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      %SYSTEMDRIVE%\eventlog.dll /s /md5
      %SYSTEMDRIVE%\scecli.dll /s /md5
      %SYSTEMDRIVE%\netlogon.dll /s /md5
      %SYSTEMDRIVE%\cngaudit.dll /s /md5
      %SYSTEMDRIVE%\sceclt.dll /s /md5
      %SYSTEMDRIVE%\ntelogon.dll /s /md5
      %SYSTEMDRIVE%\logevent.dll /s /md5
      %SYSTEMDRIVE%\iaStor.sys /s /md5
      %SYSTEMDRIVE%\nvstor.sys /s /md5
      %SYSTEMDRIVE%\atapi.sys /s /md5
      %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
      %SYSTEMDRIVE%\viasraid.sys /s /md5
      %SYSTEMDRIVE%\AGP440.sys /s /md5
      %SYSTEMDRIVE%\vaxscsi.sys /s /md5


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.


  • Closed Accounts Posts: 135 ✭✭Pacha


    This message just popped up again so I thought I'd post it for you:
    A virus or unwanted programme was found
    C:\System Volume Information\...\A0125539.pif
    The file contains an executable. This however is disguised by a harmless file extension HIDDENEXT/Crypted


  • Closed Accounts Posts: 135 ✭✭Pacha


    OTL logfile created on: 28/10/2009 22:57:19 - Run 1
    OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Jes\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    223.36 Mb Total Physical Memory | 120.55 Mb Available Physical Memory | 53.97% Memory free
    545.36 Mb Paging File | 336.94 Mb Available in Paging File | 61.78% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.11 Gb Total Space | 8.76 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SKULL
    Current User Name: Jes
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/10/28 22:55:56 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jes\Desktop\OTL.exe
    PRC - [2008/12/17 11:47:02 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2008/12/17 11:47:02 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2008/12/17 11:47:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2007/10/31 19:20:50 | 00,249,896 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    PRC - [2007/10/31 19:20:50 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    PRC - [2007/10/02 22:06:44 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    PRC - [2005/11/16 20:27:04 | 00,483,328 | ---- | M] (X-Micro Technology Corp.) -- C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe
    PRC - [2005/08/01 07:55:00 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

    ========== Win32 Services (SafeList) ==========

    SRV - File not found -- -- (Nlnphrvt [On_Demand | Stopped])
    SRV - [2008/12/17 11:47:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
    SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2007/10/31 19:20:50 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
    SRV - [2007/10/02 22:06:44 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
    SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
    SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
    SRV - [2006/08/21 21:58:32 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
    SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
    SRV - [2001/09/04 10:15:22 | 00,045,056 | ---- | M] (F-Secure Corp.) -- C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Stopped])

    ========== Modules (SafeList) ==========

    MOD - [2009/10/28 22:55:56 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jes\Desktop\OTL.exe
    MOD - [2008/04/14 01:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZC&fl=0&ptb=AvtixrxEWsewdlG483J.kg&ind=2007041611&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/17 11:47:07 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/20 12:35:05 | 00,000,000 | ---D | M]


    O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless LAN USB Dongle.lnk = C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jes\Start Menu\Programs\IMVU\Run IMVU.lnk ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.242
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/19 17:20:53 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    NetSvcs: 6to4 - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Iprip - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe - (InterVideo Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk - - File not found
    MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    MsConfig - StartUpReg: AOL_Demo - hkey= - key= - C:\Applications\Tool\AOL Demo\DSGDemo.exe (Macromedia, Inc.)
    MsConfig - StartUpReg: F-Secure Manager - hkey= - key= - C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE (F-Secure Corporation)
    MsConfig - StartUpReg: F-Secure Startup Wizard - hkey= - key= - C:\Program Files\TalkTalk Online Security\FSGUI\FSSW.EXE (F-Secure Corporation)
    MsConfig - StartUpReg: F-Secure TNB - hkey= - key= - C:\Program Files\TalkTalk Online Security\TNB\TNBUtil.exe (F-Secure Corporation)
    MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: News Service - hkey= - key= - C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe (F-Secure Corporation)
    MsConfig - StartUpReg: SiS Windows KeyHook - hkey= - key= - File not found
    MsConfig - StartUpReg: SiSPower - hkey= - key= - File not found
    MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - Service
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E68F1148-8AC9-476A-8E6F-FFC7105A8A1D} - Microsoft Windows Media Player 6.4
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


    ========== Files/Folders - Created Within 14 Days ==========

    [1 C:\WINDOWS\*.tmp files]
    [2009/10/23 15:05:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
    [2009/10/22 11:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/22 08:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/10/22 11:27:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jes\Application Data\Malwarebytes
    [2009/10/20 13:08:21 | 00,000,000 | ---D | C] -- C:\Program Files\Hijack this
    [2009/10/22 11:27:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/22 08:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/10/20 13:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/10/28 22:50:16 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jes\Desktop\OTL.exe
    [2009/10/23 15:04:45 | 17,436,560 | ---- | C] (Agnitum, Ltd. ) -- C:\Program Files\OutpostFreeInstall.exe
    [2009/10/22 20:09:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2009/10/22 19:36:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/10/22 19:29:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/10/22 19:29:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/10/22 19:28:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/10/22 19:28:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/10/22 19:26:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/10/22 19:24:58 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/10/22 12:18:18 | 09,280,864 | ---- | C] (F-Secure Corporation) -- C:\Program Files\fseasyclean.exe
    [2009/10/22 11:27:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/10/22 11:27:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/10/22 11:26:39 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
    [2009/10/22 08:16:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2009/06/07 19:01:13 | 04,780,600 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXWebPlayerInstaller.exe
    [2008/02/21 09:30:45 | 00,577,312 | ---- | C] (Three Rings Design, Inc.) -- C:\Program Files\yohoho-78-0-install.exe
    [2008/01/22 23:38:28 | 15,087,616 | ---- | C] (Octopi, Inc) -- C:\Program Files\PoxNora.exe
    [2008/01/17 21:17:08 | 00,419,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\funfamily-emoticons.exe
    [2007/10/08 21:50:26 | 03,954,000 | ---- | C] (Patchou) -- C:\Program Files\MsgPlusLive-423.exe
    [2007/02/20 22:02:04 | 41,459,1484 | ---- | C] ( ) -- C:\Program Files\LcInstallUSA_61212.exe
    [2006/10/15 21:19:38 | 01,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
    [2006/10/02 17:29:59 | 16,332,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger_nous.exe
    [2006/09/23 00:25:13 | 00,243,512 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
    [2006/09/12 08:39:20 | 04,862,400 | ---- | C] (Opera Software ASA ) -- C:\Program Files\Opera_9.01_Eng_Setup.exe
    [1998/09/11 16:10:28 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ENGLISH.FLL
    [1998/09/11 16:05:38 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SIMSUI.DLL
    [1998/09/11 16:05:36 | 12,467,200 | ---- | C] (Microsoft® Corporation) -- C:\Program Files\setupenu.dll
    [1998/09/11 16:04:38 | 00,565,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp50.dll
    [1998/09/11 16:04:28 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mdltemp.mod
    [1998/09/11 16:04:28 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mdl610.mod
    [1998/09/11 16:03:20 | 16,249,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DIALOG.DLL

    ========== Files - Modified Within 14 Days ==========

    [4 C:\WINDOWS\System32\*.tmp files]
    [1 C:\WINDOWS\*.tmp files]
    [2009/10/28 22:55:56 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jes\Desktop\OTL.exe
    [2009/10/28 22:07:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/10/28 22:06:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/10/28 22:06:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/28 18:00:23 | 00,000,554 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jes.job
    [2009/10/28 12:08:48 | 00,564,094 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/10/28 12:08:48 | 00,471,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/10/28 12:08:48 | 00,083,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/10/23 15:05:02 | 17,436,560 | ---- | M] (Agnitum, Ltd. ) -- C:\Program Files\OutpostFreeInstall.exe
    [2009/10/23 14:38:34 | 00,033,528 | ---- | M] () -- C:\Documents and Settings\Jes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/10/22 20:03:06 | 00,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/10/22 19:36:51 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2009/10/22 12:19:18 | 09,280,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\fseasyclean.exe
    [2009/10/22 11:56:38 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/10/22 11:56:38 | 00,000,211 | ---- | M] () -- C:\Boot.bak
    [2009/10/22 11:26:48 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
    [2009/10/22 09:34:13 | 00,000,107 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2009/10/22 08:20:57 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Jes\Desktop\Spybot - Search & Destroy.lnk
    [2009/10/22 08:16:53 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2009/10/21 21:19:05 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/10/20 13:09:05 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jes\Desktop\HijackThis.lnk
    [2009/10/20 12:37:21 | 00,242,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/10/20 12:03:27 | 05,327,552 | -H-- | M] () -- C:\Documents and Settings\Jes\Local Settings\Application Data\IconCache.db

    ========== Files - No Company Name ==========
    [2009/10/22 19:36:51 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2009/10/22 19:36:43 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/10/22 19:29:00 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/10/22 19:29:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/10/22 19:28:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/10/22 19:28:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/10/22 09:34:13 | 00,000,107 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/10/22 08:20:57 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Jes\Desktop\Spybot - Search & Destroy.lnk
    [2009/10/21 21:00:16 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2009/10/20 13:09:05 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jes\Desktop\HijackThis.lnk
    [2009/05/21 17:00:53 | 10,216,240 | ---- | C] () -- C:\Program Files\VeohVideoCompassSetup_eng.exe
    [2009/05/21 16:58:54 | 00,027,819 | ---- | C] () -- C:\Program Files\VeohSetup-3[1].2.0.1070.exe
    [2009/03/28 10:48:25 | 02,870,110 | ---- | C] () -- C:\Program Files\DofusInstaller_v1_26_0.exe
    [2008/12/22 15:31:09 | 26,870,229 | ---- | C] () -- C:\Program Files\CorumOnlineNew_2008-03-29.exe
    [2008/12/22 15:27:57 | 01,563,804 | ---- | C] () -- C:\Program Files\CorumOnlineFullClient.zip
    [2008/03/20 17:34:52 | 16,921,2815 | ---- | C] () -- C:\Program Files\WYDGLOBAL750.exe
    [2008/02/02 22:01:49 | 63,143,2329 | ---- | C] () -- C:\Program Files\Outspark_Fiesta.1.2.75.exe
    [2008/01/21 22:16:41 | 10,180,352 | ---- | C] () -- C:\Program Files\InstallIMVU_390.0_full.exe
    [2007/12/03 14:40:09 | 38,224,1561 | ---- | C] () -- C:\Program Files\LastChaosClient.zip
    [2007/10/08 12:35:16 | 00,001,471 | ---- | C] () -- C:\WINDOWS\Gemstorm.ini
    [2007/09/20 20:14:24 | 00,050,375 | ---- | C] () -- C:\Program Files\SAtrainerFinalv3.zip
    [2007/09/20 16:47:56 | 02,841,064 | ---- | C] () -- C:\Program Files\Shockwave_Installer_Slim.exe
    [2007/08/16 17:35:06 | 62,651,6421 | ---- | C] () -- C:\Program Files\CorumOnlineNew_03210702.exe
    [2007/06/14 21:11:58 | 00,842,672 | ---- | C] () -- C:\Program Files\slsk156c.exe
    [2007/04/23 15:51:45 | 00,004,581 | ---- | C] () -- C:\Program Files\legitcheck.hta
    [2007/01/05 00:09:59 | 00,000,330 | ---- | C] () -- C:\WINDOWS\ARCADE2.INI
    [2007/01/05 00:05:24 | 21,379,9836 | ---- | C] () -- C:\Program Files\Worms.zip
    [2007/01/05 00:04:41 | 12,036,9562 | ---- | C] () -- C:\Program Files\PC Games - Microsoft Combat Flight Simulator.zip
    [2007/01/05 00:04:41 | 00,273,047 | ---- | C] () -- C:\Program Files\Pac-Man.rar
    [2007/01/05 00:04:18 | 57,398,567 | ---- | C] () -- C:\Program Files\Games - Worms World Party.zip
    [2007/01/05 00:02:38 | 13,435,8357 | ---- | C] () -- C:\Program Files\(PC GAMES) - Risk 2 (Tested).zip
    [2007/01/04 23:53:38 | 01,035,090 | ---- | C] () -- C:\Program Files\wrar361.exe
    [2006/12/06 20:49:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
    [2006/09/12 00:29:56 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
    [2006/09/12 00:15:30 | 11,746,992 | ---- | C] () -- C:\Program Files\antivir_workstation_win7u_en_h.exe
    [2006/08/20 22:40:34 | 00,000,262 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2006/08/20 22:33:26 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2006/08/20 22:29:18 | 00,033,528 | ---- | C] () -- C:\Documents and Settings\Jes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2006/08/20 09:49:44 | 00,000,252 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2006/08/19 22:12:24 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\Jes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/19 17:21:37 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2006/08/19 17:21:06 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2006/08/19 17:16:52 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2006/08/19 17:16:52 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2006/08/19 17:16:52 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2006/08/19 16:46:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jes\Application Data\desktop.ini
    [2006/08/19 16:46:07 | 05,327,552 | -H-- | C] () -- C:\Documents and Settings\Jes\Local Settings\Application Data\IconCache.db
    [2006/03/23 19:33:13 | 00,000,468 | ---- | C] () -- C:\WINDOWS\dialer.ini
    [2005/09/12 19:04:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/09/09 18:39:12 | 00,001,456 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/09/09 18:38:53 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
    [2005/09/09 18:38:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\system.ini
    [2005/09/09 11:44:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2005/09/02 00:39:24 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/09/02 00:39:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/09/02 00:39:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/07/12 15:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/03/23 17:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2004/01/14 22:22:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
    [2004/01/14 21:56:47 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2004/01/14 21:56:47 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
    [2004/01/14 21:46:18 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/01/14 21:46:18 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/01/14 21:46:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/01/14 21:46:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/01/14 21:46:18 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/01/14 21:46:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2004/01/14 21:01:08 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/01/14 20:43:01 | 00,075,495 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/01/14 20:42:43 | 00,074,957 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2001/12/26 17:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/04 00:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 17:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 23:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [2001/04/05 20:49:52 | 00,009,345 | ---- | C] () -- C:\Program Files\COMBATFS.CFG
    [2001/04/05 20:44:48 | 00,000,099 | ---- | C] () -- C:\Program Files\CFSCONV.CFG
    [1998/10/16 23:20:00 | 00,000,493 | ---- | C] () -- C:\Program Files\C.REG
    [1998/09/11 16:04:58 | 00,082,769 | ---- | C] () -- C:\Program Files\readme.rtf
    [1998/09/11 16:04:58 | 00,040,115 | ---- | C] () -- C:\Program Files\readme.htm
    [1998/09/11 16:04:38 | 00,001,405 | ---- | C] () -- C:\Program Files\multiplayer.mis
    [1998/09/11 16:04:26 | 00,014,075 | ---- | C] () -- C:\Program Files\index_file
    [1998/09/11 16:03:08 | 00,036,066 | ---- | C] () -- C:\Program Files\devices.cfg
    [1998/09/11 16:03:08 | 00,035,212 | ---- | C] () -- C:\Program Files\devices2.cfg
    [1998/09/11 16:03:06 | 00,011,653 | ---- | C] () -- C:\Program Files\cfscred.rtf
    [1998/09/11 16:03:06 | 00,000,631 | ---- | C] () -- C:\Program Files\default_panels.cfg
    [1997/06/14 02:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2009/10/23 15:05:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/10/23 15:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
    [2007/10/03 18:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    [2008/01/03 20:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2007/01/03 20:47:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2007/12/17 19:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
    [2008/12/17 12:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2006/08/21 21:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
    [2007/04/30 19:20:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2009/08/07 14:47:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2009/08/07 14:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2009/02/07 15:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
    [2007/11/14 16:49:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
    [2007/10/13 23:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
    [2009/10/22 11:27:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jes\Application Data
    [2007/01/09 16:24:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\F-Secure
    [2006/08/19 22:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\InterTrust
    [2006/04/20 08:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\InterVideo
    [2007/01/03 20:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\ispnews
    [2009/09/25 20:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\kikin
    [2009/01/24 17:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\Opera
    [2005/09/09 22:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\SampleView
    [2007/10/31 17:24:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jes\Application Data\SecondLife
    [2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/10/28 18:00:23 | 00,000,554 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Jes.job
    [2009/10/28 22:06:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %SYSTEMDRIVE%\eventlog.dll /s /md5 >
    [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
    [4 C:\WINDOWS\system32\*.tmp files]

    < %SYSTEMDRIVE%\scecli.dll /s /md5 >
    [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 13:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
    [4 C:\WINDOWS\system32\*.tmp files]

    < %SYSTEMDRIVE%\netlogon.dll /s /md5 >
    [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
    [4 C:\WINDOWS\system32\*.tmp files]

    < %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

    < %SYSTEMDRIVE%\sceclt.dll /s /md5 >

    < %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

    < %SYSTEMDRIVE%\logevent.dll /s /md5 >

    < %SYSTEMDRIVE%\iaStor.sys /s /md5 >

    < %SYSTEMDRIVE%\nvstor.sys /s /md5 >

    < %SYSTEMDRIVE%\atapi.sys /s /md5 >
    [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys

    < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

    < %SYSTEMDRIVE%\viasraid.sys /s /md5 >

    < %SYSTEMDRIVE%\AGP440.sys /s /md5 >
    [agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 07:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

    < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
    < End of report >

    OTL Extras logfile created on: 28/10/2009 22:57:19 - Run 1
    OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Jes\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    223.36 Mb Total Physical Memory | 120.55 Mb Available Physical Memory | 53.97% Memory free
    545.36 Mb Paging File | 336.94 Mb Available in Paging File | 61.78% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.11 Gb Total Space | 8.76 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SKULL
    Current User Name: Jes
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera 10 Preview\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe" = C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe:*:Enabled:Wireless LAN USB Dongle -- (X-Micro Technology Corp.)
    "C:\Documents and Settings\Jes\Desktop\Soul seek.exe" = C:\Documents and Settings\Jes\Desktop\Soul seek.exe:*:Enabled:SoulSeek -- ()
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{256808AA-7E9E-4DB5-8A27-A26268864747}" = Opera 9.01
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "{423CF09F-11C9-410E-9B1A-31E087CED383}" = Opera 10.00
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5EF8822C-6CA1-4B4A-89C4-19CDB64B3BF0}" = Wireless LAN USB Dongle
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D32D4182-DE6C-457E-838C-8D7B9CE332BA}" = InterVideo WinRip
    "{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
    "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem v2136D
    "AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
    "Dofus 1.26.0" = Dofus 1.26.0
    "Fiesta" = Fiesta
    "goldminerjoe_full_1.0" = goldminerjoe_full 1.0
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "InstallShield_{5EF8822C-6CA1-4B4A-89C4-19CDB64B3BF0}" = Wireless LAN USB Dongle
    "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
    "Launcher" = Outspark Launcher
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NSS" = Norton Security Scan
    "OcaHistoryUpd" = OCA Client history tool install
    "SiS VGA Driver" = SiS VGA Utilities
    "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
    "SopCast" = SopCast 2.0.4
    "Soulseek" = SoulSeek Client 156c
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Veoh Web Player Beta" = Veoh Web Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "WYDGLOBAL" = WYDGLOBAL (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Puzzle Pirates" = Puzzle Pirates

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 109 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 110 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 111 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 112 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 113 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 114 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 115 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 15:02:59 | Computer Name = SKULL | Source = F-Secure Anti-Virus | ID = 103
    Description = 116 2009-10-22 21:02:59+02:00 skull SYSTEM F-Secure Anti-Virus
    A System Control error occurred. System Control is still operating in normal mode.
    Error code: 110

    Error - 22/10/2009 16:30:13 | Computer Name = SKULL | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 22/10/2009 16:30:51 | Computer Name = SKULL | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 22/10/2009 04:44:19 | Computer Name = SKULL | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 22/10/2009 04:44:19 | Computer Name = SKULL | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 22/10/2009 04:44:20 | Computer Name = SKULL | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 22/10/2009 04:44:20 | Computer Name = SKULL | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 22/10/2009 06:53:54 | Computer Name = SKULL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the F-Secure Anti-Virus Firewall
    Daemon service to connect.

    Error - 22/10/2009 06:55:13 | Computer Name = SKULL | Source = PSched | ID = 14103
    Description = QoS [Adapter {9A56A2F1-12B6-4215-891E-6BEE038B5A9E}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 22/10/2009 14:30:15 | Computer Name = SKULL | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 22/10/2009 14:39:09 | Computer Name = SKULL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
    to connect.

    Error - 22/10/2009 15:02:49 | Computer Name = SKULL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
    to connect.

    Error - 28/10/2009 16:40:45 | Computer Name = SKULL | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.


    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    6. Closed Accounts Posts: 135 ✭✭Pacha


      Malwarebytes' Anti-Malware 1.41
      Database version: 3051
      Windows 5.1.2600 Service Pack 3
      29/10/2009 09:37:21
      mbam-log-2009-10-29 (09-37-21).txt
      Scan type: Quick Scan
      Objects scanned: 93043
      Time elapsed: 6 minute(s), 46 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)


    7. Closed Accounts Posts: 135 ✭✭Pacha


      The Kaspersky scan ran for 45 mins then hung up.
      I waited an hour but nothing had changed.
      The scan had found 4 threats and 5 infected objects but
      didn't say what they were.
      I'm going to restart it now.


    8. Closed Accounts Posts: 135 ✭✭Pacha


      Sorry for the wait. I was away from home for the night.
      KASPERSKY ONLINE SCANNER 7.0: scan report
      Friday, October 30, 2009
      Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
      Kaspersky Online Scanner version: 7.0.26.13
      Last database update: Thursday, October 29, 2009 10:37:13
      Records in database: 3100599
      Scan settings:
      scan using the following database: extended
      Scan archives: yes
      Scan e-mail databases: yes
      Scan area - My Computer:
      C:\
      D:\
      Scan statistics:
      Objects scanned: 108463
      Threats found: 4
      Infected objects found: 5
      Suspicious objects found: 0
      Scan duration: 05:55:50

      File name / Threat / Threats count
      C:\Documents and Settings\Jes\.housecall6.6\Quarantine\bfrgnos.dll.bac_a01360 Infected: Trojan.Win32.Vapsup.iuu 1
      C:\Documents and Settings\Jes\.housecall6.6\Quarantine\F3RESTUB.DLL.bac_a03276 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
      C:\Documents and Settings\Jes\.housecall6.6\Quarantine\MWSBAR.DLL.bac_a03276 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1
      C:\Documents and Settings\Jes\.housecall6.6\Quarantine\riched20.dll.bac_a03276 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
      C:\Documents and Settings\Jes\.housecall6.6\Quarantine\vaxaccess.ocx.bac_a01360 Infected: Trojan.Win32.Agent.cnm 1
      Selected area has been scanned.


    9. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      Your logs are clean


      Now we need to create a new System Restore point.

      Click Start Menu > Run > type (or copy and paste)

      %SystemRoot%\System32\restore\rstrui.exe

      Press OK. Choose Create a Restore Point then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

      Next go to Start Menu > Run > type

      cleanmgr

      Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

      To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


      • Download OTC to your desktop and run it
      • Click Yes to begin the Cleanup process and remove these components, including this application.
      • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




      You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
      http://www.adobe.com/products/acrobat/readstep2.html


      Below I have included a number of recommendations for how to protect your computer against malware infections.
      • Keep Windows updated by regularly checking their website at :
        http://windowsupdate.microsoft.com/
        This will ensure your computer always has the latest security updates installed.

      • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

      • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

      • Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
        • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
      • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

      • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

      • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
        secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
        blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
        Here


        If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
        • NoScript - for blocking ads and other potential website attacks
        • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

      • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

      • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

      • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

      • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

      • Please read my guide on how to prevent malware and about safe computing here
      Thank you for your patience, and performing all of the procedures requested.


    10. Closed Accounts Posts: 135 ✭✭Pacha


      Thanks so much for all your help.
      What about the mentions of trojans in the last scan though?
      Have they been dealt with?


    11. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      they are in quarantine and should be left there
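
The point made in the exchange above is that every row in the Kaspersky report sits inside another scanner's quarantine folder. The following is an added example, not part of the original posts: it parses report rows in the format shown on this page and separates quarantined copies from detections at live paths. The final sample row and the set of quarantine folder names are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Rows 1-5 are the rows of the Kaspersky Online Scanner 7.0 report on this page.
# The last "Infected" row is CONSTRUCTED for contrast (a detection at a live path).
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Jes\.housecall6.6\Quarantine\bfrgnos.dll.bac_a01360 Infected: Trojan.Win32.Vapsup.iuu 1
C:\Documents and Settings\Jes\.housecall6.6\Quarantine\F3RESTUB.DLL.bac_a03276 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\Jes\.housecall6.6\Quarantine\MWSBAR.DLL.bac_a03276 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1
C:\Documents and Settings\Jes\.housecall6.6\Quarantine\riched20.dll.bac_a03276 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\Jes\.housecall6.6\Quarantine\vaxaccess.ocx.bac_a01360 Infected: Trojan.Win32.Agent.cnm 1
C:\WINDOWS\system32\example.dll Infected: Trojan.Win32.Example.a 1
Selected area has been scanned.
"""

# Assumption: a parent directory with one of these names marks a scanner's
# quarantine store. Extend the set for the tools actually used on the machine.
QUARANTINE_DIR_NAMES = {"quarantine"}

# "<path> Infected: <verdict> <count>"; the path may contain spaces, so it is
# matched lazily up to the literal "Infected:" marker.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int
    quarantined: bool  # file lives under a quarantine directory
    riskware: bool     # verdict carries Kaspersky's "not-a-virus:" prefix


def is_quarantined(path: str) -> bool:
    """True if any parent directory of the file is a known quarantine folder."""
    parents = PureWindowsPath(path).parent.parts
    return any(part.lower() in QUARANTINE_DIR_NAMES for part in parents)


def parse_report(text: str) -> list[Finding]:
    """Extract detection rows; header and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        path = match.group("path")
        threat = match.group("threat")
        findings.append(
            Finding(
                path=path,
                threat=threat,
                count=int(match.group("count")),
                quarantined=is_quarantined(path),
                riskware=threat.lower().startswith("not-a-virus:"),
            )
        )
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Split detections into inert quarantined copies and live files to review."""
    result = {"quarantined": [], "live": []}
    for finding in findings:
        result["quarantined" if finding.quarantined else "live"].append(finding)
    return result


if __name__ == "__main__":
    buckets = triage(parse_report(SAMPLE_REPORT))
    print(f"{len(buckets['quarantined'])} detection(s) inside a quarantine folder")
    for finding in buckets["live"]:
        print(f"REVIEW: {finding.path} -> {finding.threat}")
```
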


    12. Closed Accounts Posts: 135 ✭✭Pacha


      Ok, great. I've followed most of your advice on the last page.
      He doesn't use IE though. That was just me posting on here.


    13. Closed Accounts Posts: 135 ✭✭Pacha


      Any chance of having a look at my computer?
      It was declared clean a few weeks ago but is
      still behaving a little strangely at times.


    14. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      who declared it clean ?

      do this on it

      Download OTL to your Desktop
      • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      • Under the Custom Scan box paste this in

        netsvcs
        msconfig
        safebootminimal
        safebootnetwork
        activex
        drivers32
        %SYSTEMDRIVE%\*.exe
        HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
        %SYSTEMDRIVE%\eventlog.dll /s /md5
        %SYSTEMDRIVE%\scecli.dll /s /md5
        %SYSTEMDRIVE%\netlogon.dll /s /md5
        %SYSTEMDRIVE%\cngaudit.dll /s /md5
        %SYSTEMDRIVE%\sceclt.dll /s /md5
        %SYSTEMDRIVE%\ntelogon.dll /s /md5
        %SYSTEMDRIVE%\logevent.dll /s /md5
        %SYSTEMDRIVE%\iaStor.sys /s /md5
        %SYSTEMDRIVE%\nvstor.sys /s /md5
        %SYSTEMDRIVE%\atapi.sys /s /md5
        %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
        %SYSTEMDRIVE%\viasraid.sys /s /md5
        %SYSTEMDRIVE%\AGP440.sys /s /md5
        %SYSTEMDRIVE%\vaxscsi.sys /s /md5


      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


    15. Closed Accounts Posts: 135 ✭✭Pacha


      I was trying to sort all this out on SWI forums but they've been upgrading the site for a while and I kept doing scans and posting them only to come back a day later and find that they'd lost all my posts or the entire thread.
      After a couple of weeks of that I gave up.

      OTL logfile created on: 30/10/2009 14:53:32 - Run 1
      OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\fred\Desktop
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.13)
      Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

      223.36 Mb Total Physical Memory | 128.72 Mb Available Physical Memory | 57.63% Memory free
      561.26 Mb Paging File | 286.50 Mb Available in Paging File | 51.05% Paging File free
      Paging file location(s): C:\pagefile.sys 336 672 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 51.86 Gb Total Space | 26.70 Gb Free Space | 51.48% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded

      Computer Name: YOUR-B77BFAFE16
      Current User Name: fred
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: Current user
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 14 Days
      Output = Standard
      Quick Scan

      ========== Processes (SafeList) ==========

      PRC - [2009/10/30 14:52:35 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fred\Desktop\OTL.exe
      PRC - [2009/10/14 12:52:27 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
      PRC - [2009/10/14 12:52:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
      PRC - [2009/04/16 10:27:00 | 01,505,168 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe
      PRC - [2009/04/16 10:24:48 | 00,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
      PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
      PRC - [2005/11/16 18:27:04 | 00,483,328 | ---- | M] (X-Micro Technology Corp.) -- C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe
      PRC - [2005/08/01 07:55:00 | 00,088,363 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
      PRC - [2005/08/01 07:53:00 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      PRC - [2005/08/01 07:53:00 | 00,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      PRC - [2005/04/22 14:44:26 | 00,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\keyhook.exe
      PRC - [2005/04/08 13:17:52 | 00,266,240 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\sistray.exe
      PRC - [2004/12/02 14:54:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
      PRC - [2004/08/11 09:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

      ========== Win32 Services (SafeList) ==========

      SRV - [2009/10/14 12:52:27 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
      SRV - [2009/10/10 18:19:21 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
      SRV - [2009/04/28 09:06:06 | 01,195,008 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv [Auto | Running])
      SRV - [2009/04/16 10:24:48 | 00,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc [Auto | Running])
      SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
      SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
      SRV - [2004/08/11 09:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
      SRV - [2004/07/15 09:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

      ========== Modules (SafeList) ==========

      MOD - [2009/10/30 14:52:35 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fred\Desktop\OTL.exe
      MOD - [2009/03/26 11:04:46 | 00,194,448 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll
      MOD - [2008/04/14 01:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
      MOD - [2005/08/01 07:53:00 | 00,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll

      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?&.src=ym"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
      FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
      FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

      FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/14 12:52:29 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 14:38:39 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 14:38:39 | 00,000,000 | ---D | M]

      [2009/10/10 11:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fred\Application Data\mozilla\Extensions
      [2009/10/10 11:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fred\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
      [2009/10/10 11:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fred\Application Data\mozilla\Firefox\Profiles\1tbar244.default\extensions
      [2009/10/29 14:56:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
      [2009/10/28 14:38:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2009/10/14 12:53:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
      [2009/10/28 14:38:07 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
      [2009/10/28 14:38:08 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
      [2009/10/14 12:52:28 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
      [2009/10/28 14:38:19 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
      [2009/08/24 19:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
      [2009/08/24 19:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
      [2009/08/24 19:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
      [2009/08/24 19:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
      [2009/08/24 19:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
      [2009/08/24 19:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
      [2009/08/24 19:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

      O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
      O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
      O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
      O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
      O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
      O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe (Silicon Integrated Systems Corporation)
      O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.DLL (Silicon Integrated Systems Corporation)
      O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
      O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\System32\sistray.exe (Silicon Integrated Systems Corporation)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless LAN USB Dongle.lnk = C:\Program Files\Wireless LAN USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
      O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
      O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ipp - No CLSID value found
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
      O24 - Desktop Components:0 (My Current Home Page) - About:Home
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/10/12 12:36:40 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck) - File not found
      O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (*) - File not found
      O35 - comfile [open] -- "%1" %* File not found
      O35 - exefile [open] -- "%1" %* File not found

      NetSvcs: 6to4 - Service key not found. File not found
      NetSvcs: Ias - Service key not found. File not found
      NetSvcs: Iprip - Service key not found. File not found
      NetSvcs: Irmon - Service key not found. File not found
      NetSvcs: NWCWorkstation - Service key not found. File not found
      NetSvcs: Nwsapagent - Service key not found. File not found
      NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
      NetSvcs: WmdmPmSp - Service key not found. File not found
      NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

      MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
      MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe - (InterVideo Inc.)
      MsConfig - StartUpReg: AOL_Demo - hkey= - key= - C:\Applications\Tool\AOL Demo\DSGDemo.exe (Macromedia, Inc.)
      MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      MsConfig - State: "system.ini" - 0
      MsConfig - State: "win.ini" - 0
      MsConfig - State: "bootini" - 0
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 2

      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: sermouse.sys - Driver
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: vds - Service
      SafeBootMin: vga.sys - Driver
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: PCI Configuration - Driver Group
      SafeBootNet: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
      SafeBootNet: PNP Filter - Driver Group
      SafeBootNet: PNP_TDI - Driver Group
      SafeBootNet: Primary disk - Driver Group
      SafeBootNet: SCSI Class - Driver Group
      SafeBootNet: sermouse.sys - Driver
      SafeBootNet: Streams Drivers - Driver Group
      SafeBootNet: System Bus Extender - Driver Group
      SafeBootNet: TDI - Driver Group
      SafeBootNet: vga.sys - Driver
      SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

      ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
      ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
      ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
      ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
      ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
      ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
      ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
      ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
      ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
      ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
      ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
      ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
      ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
      ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
      ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: {FB7B4753-CAFE-45A0-64DB-10333EDDBDF8} - Microsoft Windows Media Player 6.4
      ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
      ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

      Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
      Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
      Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
      Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
      Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
      Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
      Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
      Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

      ========== Files/Folders - Created Within 14 Days ==========

      [2 C:\WINDOWS\*.tmp files]
      [2009/10/19 08:11:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
      [2009/10/19 00:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fred\Application Data\WinRAR
      [2009/10/19 08:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum
      [2009/10/20 23:17:38 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
      [2009/10/19 00:08:29 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
      [2009/10/30 14:52:34 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fred\Desktop\OTL.exe
      [2009/10/22 08:12:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
      [2009/10/22 08:09:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
      [2009/10/22 08:07:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
      [2009/10/22 08:06:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
      [2009/10/22 08:06:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
      [2009/10/21 09:53:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fred\My Documents\Downloads
      [2009/10/20 23:14:22 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe
      [2009/10/20 16:43:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
      [2009/10/20 16:37:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
      [2009/10/20 16:36:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2009/10/20 16:36:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2009/10/20 16:36:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2009/10/20 16:36:18 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2009/10/20 16:36:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
      [2009/10/20 16:35:10 | 00,000,000 | ---D | C] -- C:\Qoobox
      [2009/10/19 08:13:50 | 00,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
      [2009/10/19 08:13:31 | 00,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
      [2009/10/19 08:12:05 | 00,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
      [2009/10/19 08:10:28 | 17,436,560 | ---- | C] (Agnitum, Ltd. ) -- C:\Program Files\OutpostFreeInstall.exe
      [2009/10/15 20:57:47 | 03,952,016 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wd97vwr32.exe.zip
      [2009/10/12 09:08:55 | 00,436,360 | ---- | C] (Yahoo! Inc.) -- C:\Program Files\msgr8us.exe
      [2009/10/12 09:08:37 | 08,944,224 | ---- | C] (Heidi Computers Ltd. ) -- C:\Program Files\32.exe
      [2009/10/12 09:08:24 | 18,895,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger.exe
      [2009/10/11 12:38:35 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
      [2009/10/10 11:25:01 | 08,067,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.3.exe
      [2009/10/10 11:09:31 | 46,664,160 | ---- | C] (PC Tools ) -- C:\Program Files\avinstall.exe
      [2004/12/13 07:57:36 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

      ========== Files - Modified Within 14 Days ==========

      [2 C:\WINDOWS\System32\*.tmp files]
      [2 C:\WINDOWS\*.tmp files]
      [2009/10/30 14:52:35 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fred\Desktop\OTL.exe
      [2009/10/30 11:09:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2009/10/30 11:09:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2009/10/29 16:08:56 | 04,314,736 | -H-- | M] () -- C:\Documents and Settings\fred\Local Settings\Application Data\IconCache.db
      [2009/10/29 14:16:19 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2009/10/25 07:34:32 | 00,381,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2009/10/25 07:34:32 | 00,053,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2009/10/25 07:34:31 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
      [2009/10/21 06:02:45 | 00,030,304 | ---- | M] () -- C:\Documents and Settings\fred\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2009/10/20 23:17:41 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\fred\Desktop\CCleaner.lnk
      [2009/10/20 23:14:32 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe
      [2009/10/20 16:46:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
      [2009/10/20 16:45:35 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
      [2009/10/20 16:37:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
      [2009/10/19 16:40:49 | 00,019,892 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
      [2009/10/19 16:40:48 | 01,605,664 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
      [2009/10/19 08:11:29 | 17,436,560 | ---- | M] (Agnitum, Ltd. ) -- C:\Program Files\OutpostFreeInstall.exe
      [2009/10/19 07:44:02 | 00,749,580 | ---- | M] () -- C:\Documents and Settings\fred\My Documents\CV_ Elena Kharchenko eng.doc
      [2009/10/18 12:27:49 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

      ========== Files - No Company Name ==========
      [2009/10/20 23:17:40 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\fred\Desktop\CCleaner.lnk
      [2009/10/20 16:37:45 | 00,000,211 | ---- | C] () -- C:\Boot.bak
      [2009/10/20 16:37:39 | 00,260,272 | ---- | C] () -- C:\cmldr
      [2009/10/20 16:36:18 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2009/10/20 16:36:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2009/10/20 16:36:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2009/10/20 16:36:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2009/10/19 08:12:06 | 00,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
      [2009/10/19 08:09:17 | 01,605,664 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
      [2009/10/19 08:09:17 | 00,019,892 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
      [2009/10/19 07:35:32 | 00,749,580 | ---- | C] () -- C:\Documents and Settings\fred\My Documents\CV_ Elena Kharchenko eng.doc
      [2009/10/12 20:13:02 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
      [2009/10/12 12:38:19 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
      [2009/10/12 12:36:57 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
      [2009/10/12 12:30:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
      [2009/10/12 12:30:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
      [2009/10/12 12:30:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
      [2009/10/12 00:11:57 | 13,727,048 | ---- | C] () -- C:\Program Files\winzip121.exe
      [2009/10/11 23:02:29 | 18,527,244 | ---- | C] () -- C:\Program Files\vlc-1.0.2-win32.exe
      [2009/10/11 19:38:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
      [2009/10/11 12:21:34 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
      [2009/10/10 21:07:56 | 00,030,304 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2009/10/10 20:26:53 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2009/10/10 11:05:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\fred\Application Data\desktop.ini
      [2009/10/10 11:05:47 | 04,314,736 | -H-- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\IconCache.db
      [2009/01/05 14:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
      [2005/09/12 19:04:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
      [2005/09/09 18:39:12 | 00,001,456 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
      [2005/09/09 18:38:53 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
      [2005/09/09 18:38:50 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
      [2005/09/09 11:44:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
      [2005/09/02 00:39:24 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
      [2005/09/02 00:39:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
      [2005/09/02 00:39:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
      [2005/07/12 15:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
      [2004/03/23 17:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
      [2004/01/14 22:22:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
      [2004/01/14 21:56:47 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
      [2004/01/14 21:56:47 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
      [2004/01/14 21:46:18 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
      [2004/01/14 21:46:18 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
      [2004/01/14 21:46:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
      [2004/01/14 21:46:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
      [2004/01/14 21:46:18 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
      [2004/01/14 21:46:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
      [2004/01/14 21:01:08 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2004/01/14 20:43:01 | 00,075,495 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
      [2004/01/14 20:42:43 | 00,149,903 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
      [2001/12/26 17:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
      [2001/09/04 00:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
      [2001/07/30 17:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
      [2001/07/23 23:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

      ========== LOP Check ==========

      [2009/10/19 08:11:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
      [2009/10/12 09:14:50 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
      [2009/10/19 08:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
      [2009/10/10 18:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
      [2009/10/10 22:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
      [2009/10/30 11:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
      [2009/10/12 00:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
      [2009/10/19 00:09:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\fred\Application Data
      [2009/10/13 21:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fred\Application Data\dvdcss
      [2009/10/12 16:50:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fred\Application Data\InterVideo
      [2005/09/09 22:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fred\Application Data\SampleView
      [2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
      [2009/10/30 11:09:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

      ========== Purity Check ==========



      ========== Custom Scans ==========


      < %SYSTEMDRIVE%\*.exe >

      < HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >
      "jqs@sun.com" = C:\Program Files\Java\jre6\lib\deploy\jqs\ff -- [2009/10/14 12:52:29 | 00,000,000 | ---D | M]

      < %SYSTEMDRIVE%\eventlog.dll /s /md5 >
      [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
      [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll
      [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
      [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
      [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
      [2 C:\WINDOWS\system32\*.tmp files]

      < %SYSTEMDRIVE%\scecli.dll /s /md5 >
      [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
      [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll
      [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
      [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
      [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
      [2 C:\WINDOWS\system32\*.tmp files]

      < %SYSTEMDRIVE%\netlogon.dll /s /md5 >
      [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
      [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll
      [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
      [netlogon.dll : MD5=6C476D33D82F1054849790181E8F7772] -> [2009/02/06 19:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe\netlogon.dll
      [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
      [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
      [2 C:\WINDOWS\system32\*.tmp files]

      < %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

      < %SYSTEMDRIVE%\sceclt.dll /s /md5 >

      < %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

      < %SYSTEMDRIVE%\logevent.dll /s /md5 >

      < %SYSTEMDRIVE%\iaStor.sys /s /md5 >

      < %SYSTEMDRIVE%\nvstor.sys /s /md5 >

      < %SYSTEMDRIVE%\atapi.sys /s /md5 >
      [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
      [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
      [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
      [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys

      < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

      < %SYSTEMDRIVE%\viasraid.sys /s /md5 >

      < %SYSTEMDRIVE%\AGP440.sys /s /md5 >
      [agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 07:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
      [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys
      [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
      [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
      [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

      < %SYSTEMDRIVE%\vaxscsi.sys /s /md5* >

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
      < End of report >

      OTL Extras logfile created on: 30/10/2009 14:53:32 - Run 1
      OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\fred\Desktop
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.13)
      Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

      223.36 Mb Total Physical Memory | 128.72 Mb Available Physical Memory | 57.63% Memory free
      561.26 Mb Paging File | 286.50 Mb Available in Paging File | 51.05% Paging File free
      Paging file location(s): C:\pagefile.sys 336 672 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 51.86 Gb Total Space | 26.70 Gb Free Space | 51.48% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded

      Computer Name: YOUR-B77BFAFE16
      Current User Name: fred
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: Current user
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 14 Days
      Output = Standard
      Quick Scan

      ========== Extra Registry (SafeList) ==========


      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
      .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
      .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %* File not found
      chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
      cmdfile [open] -- "%1" %* File not found
      comfile [open] -- "%1" %* File not found
      exefile [open] -- "%1" %* File not found
      htmlfile [edit] -- Reg Error: Key error.
      htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
      htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
      http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
      https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
      piffile [open] -- "%1" %* File not found
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1" File not found
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
      scrfile [open] -- "%1" /S File not found
      txtfile [edit] -- Reg Error: Key error.
      Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
      CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" = 1
      "FirewallDisableNotify" = 0
      "UpdatesDisableNotify" = 0
      "AntiVirusOverride" = 1
      "FirewallOverride" = 0
      "AntiVirusDisableNotify" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

      ========== Authorized Applications List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


      ========== HKEY_LOCAL_MACHINE Uninstall List ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
      "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
      "{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
      "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
      "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
      "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
      "{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task
      "{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
      "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
      "{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
      "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
      "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
      "{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
      "{5EF8822C-6CA1-4B4A-89C4-19CDB64B3BF0}" = Wireless LAN USB Dongle
      "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
      "{7585478E9D9B42108671C12F8714CEFE}" = DivX Converter
      "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
      "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
      "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
      "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine
      "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
      "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
      "{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
      "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
      "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
      "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
      "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
      "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
      "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
      "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
      "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
      "{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
      "{D32D4182-DE6C-457E-838C-8D7B9CE332BA}" = InterVideo WinRip
      "{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
      "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
      "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
      "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
      "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
      "Agere Systems Soft Modem" = Agere Systems AC'97 Modem v2136D
      "Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
      "CCleaner" = CCleaner (remove only)
      "Eraser" = Eraser
      "HijackThis" = HijackThis 2.0.2
      "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
      "ie7" = Windows Internet Explorer 7
      "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
      "InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
      "InstallShield_{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
      "InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
      "InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
      "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
      "InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
      "InstallShield_{5EF8822C-6CA1-4B4A-89C4-19CDB64B3BF0}" = Wireless LAN USB Dongle
      "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
      "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
      "InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
      "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
      "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
      "InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
      "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
      "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
      "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
      "OcaHistoryUpd" = OCA Client history tool install
      "PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1
      "SiS VGA Driver" = SiS VGA Utilities
      "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
      "SynTPDeinstKey" = Synaptics Pointing Device Driver
      "VLC media player" = VLC media player 1.0.2
      "Windows Media Format Runtime" = Windows Media Format Runtime
      "Windows Media Player" = Windows Media Player 10
      "Windows XP Service Pack" = Windows XP Service Pack 3
      "WinRAR archiver" = WinRAR archiver

      ========== HKEY_CURRENT_USER Uninstall List ==========

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

      ========== Last 10 Event Log Errors ==========

      [ Application Events ]
      Error - 12/10/2009 15:05:52 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application setup.exe, version 0.0.0.0, faulting module setup.exe,
      version 0.0.0.0, fault address 0x00008134.

      Error - 12/10/2009 15:08:27 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application PCTAVSvc.exe, version 6.1.0.25, faulting module
      PCTAVSvc.exe, version 6.1.0.25, fault address 0x0006c2fd.

      Error - 12/10/2009 15:32:35 | Computer Name = YOUR-B77BFAFE16 | Source = Application Hang | ID = 1002
      Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
      version 0.0.0.0, hang address 0x00000000.

      Error - 12/10/2009 17:24:49 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application PCTAVSvc.exe, version 6.1.0.25, faulting module
      PCTAVSvc.exe, version 6.1.0.25, fault address 0x0006c2fd.

      Error - 13/10/2009 09:34:59 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
      module shimgvw.dll, version 6.0.2900.5512, fault address 0x0000df56.

      Error - 13/10/2009 11:48:23 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1004
      Description = Faulting application PCTAVSvc.exe, version 6.1.0.25, faulting module
      PCTAVSvc.exe, version 6.1.0.25, fault address 0x0006c2fd.

      Error - 19/10/2009 04:47:28 | Computer Name = YOUR-B77BFAFE16 | Source = Application Hang | ID = 1002
      Description = Hanging application is-0CF36.exe, version 7.0.0.290, hang module hungapp,
      version 0.0.0.0, hang address 0x00000000.

      Error - 21/10/2009 04:29:54 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application cdmkr32.exe, version 7.0.0.62, faulting module
      mp3codec.dll, version 1.0.0.4, fault address 0x00002618.

      Error - 21/10/2009 05:19:46 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application cdmkr32.exe, version 7.0.0.62, faulting module
      mp3codec.dll, version 1.0.0.4, fault address 0x00002618.

      Error - 21/10/2009 08:40:57 | Computer Name = YOUR-B77BFAFE16 | Source = Application Error | ID = 1000
      Description = Faulting application cdmkr32.exe, version 7.0.0.62, faulting module
      mp3codec.dll, version 1.0.0.4, fault address 0x00002618.

      [ System Events ]
      Error - 19/10/2009 11:43:45 | Computer Name = YOUR-B77BFAFE16 | Source = Service Control Manager | ID = 7001
      Description = The IPSEC Services service depends on the IPSEC driver service which
      failed to start because of the following error: %%31

      Error - 19/10/2009 11:43:45 | Computer Name = YOUR-B77BFAFE16 | Source = Service Control Manager | ID = 7026
      Description = The following boot-start or system-start driver(s) failed to load:
      AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SandBox Tcpip WS2IFSL

      Error - 19/10/2009 16:41:45 | Computer Name = YOUR-B77BFAFE16 | Source = DCOM | ID = 10005
      Description = DCOM got error "%1084" attempting to start the service EventSystem
      with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

      Error - 20/10/2009 11:37:05 | Computer Name = YOUR-B77BFAFE16 | Source = Service Control Manager | ID = 7034
      Description = The Java Quick Starter service terminated unexpectedly. It has done
      this 1 time(s).

      Error - 20/10/2009 11:38:15 | Computer Name = YOUR-B77BFAFE16 | Source = Service Control Manager | ID = 7009
      Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
      to connect.

      Error - 20/10/2009 11:43:37 | Computer Name = YOUR-B77BFAFE16 | Source = Service Control Manager | ID = 7009
      Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
      to connect.

      Error - 20/10/2009 11:43:46 | Computer Name = YOUR-B77BFAFE16 | Source = Service Control Manager | ID = 7009
      Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
      to connect.

      Error - 21/10/2009 10:42:33 | Computer Name = YOUR-B77BFAFE16 | Source = Cdrom | ID = 262151
      Description = The device, \Device\CdRom0, has a bad block.

      Error - 21/10/2009 10:42:45 | Computer Name = YOUR-B77BFAFE16 | Source = Cdrom | ID = 262151
      Description = The device, \Device\CdRom0, has a bad block.

      Error - 21/10/2009 10:42:57 | Computer Name = YOUR-B77BFAFE16 | Source = Cdrom | ID = 262151
      Description = The device, \Device\CdRom0, has a bad block.


      < End of report >


    17. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      looking good

      Download TFC to your desktop
      • Open the file and close any other windows.
      • It will close all programs itself when run, make sure to let it run uninterrupted.
      • Click the Start button to begin the process. The program should not take long to finish its job.
      • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




      Please download Malwarebytes' Anti-Malware from Here

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Quick Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:
      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






      Go to Kaspersky website and perform an online antivirus scan.
      1. Read through the requirements and privacy statement and click on Accept button.
      2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
      3. When the downloads have finished, click on Settings.
      4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
          • Spyware, Adware, Dialers, and other potentially dangerous programs
          • Archives
          • Mail databases
      5. Click on My Computer under Scan.
      6. Once the scan is complete, it will display the results. Click on View Scan Report.
      7. You will see a list of infected items there. Click on Save Report As....
      8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


      5. Closed Accounts Posts: 135 ✭✭Pacha


        Malwarebytes' Anti-Malware 1.41
        Database version: 3062
        Windows 5.1.2600 Service Pack 3

        30/10/2009 19:32:32
        mbam-log-2009-10-30 (19-32-32).txt

        Scan type: Quick Scan
        Objects scanned: 93129
        Time elapsed: 6 minute(s), 17 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


      6. Registered Users, Registered Users 2 Posts: 161 ✭✭jamesie_boy


        arse


      7. Closed Accounts Posts: 135 ✭✭Pacha


        jamesie_boy wrote: »
        arse
        arse?


      8. Registered Users, Registered Users 2 Posts: 161 ✭✭jamesie_boy


        Pacha wrote: »
        arse?
        Yes.


      9. Closed Accounts Posts: 135 ✭✭Pacha


        jamesie_boy wrote: »
        Yes.
        are you here to make any kind of useful contribution or just to say rude words?


      10. Registered Users, Registered Users 2 Posts: 161 ✭✭jamesie_boy


        Pacha wrote: »
        are you here to make any kind of useful contribution or just to say rude words?
        Well for starters I wouldn't recommend the program. If you can pinpoint the exact file that you think is the infected one, why not just upload that file to virustotal.com. Not only is it saving you valuable time that would be wasted needlessly doing scans, but it can also give you a comprehensive analysis of that file using many antivirus programs.


      11. Closed Accounts Posts: 135 ✭✭Pacha


        Well, I don't particularly want to tie up my computer for the next 6 hours but I have no idea which file is infected.
        Two things I've noticed which weren't working properly in the last week were Windows Movie Maker, which crashed 3 times in a row when I tried to open it, and Photoshop, which was running slower than usual.
        Otherwise it all seems to be back to normal.


      12. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        if only it was that easy


      14. Closed Accounts Posts: 135 ✭✭Pacha


        Well, I left it on to scan all night but again, it hung up after 45 mins.


      15. Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


        jamesie_boy wrote: »
        Well for starters I wouldn't recommend the program. If you can pinpoint the exact file that you think is the infected one, why not just upload that file to virustotal.com. Not only is it saving you valuable time that would be wasted needlessly doing scans, but it can also give you a comprehensive analysis of that file using many antivirus programs.
        How succinctly you managed to express all that in one word. In future could you explain yourself on the first go, without needing to resort to being rude?


      16. Closed Accounts Posts: 135 ✭✭Pacha


        My son is back on his computer and just tried to install a new game called IJJI reactor (apparently from the official site). The antivirus popped up a message several times saying HEUR\Malware had been detected.
        Then we tried to install Outpost Firewall on there and it kept getting blocked by talktalk security.
        I think we may have found the folder talktalk was in now and have hopefully removed it, via add/remove programmes.

        I still haven't done the Kaspersky scan on my computer, partly because it takes so long and partly because our internet went down all day yesterday.


      17. Closed Accounts Posts: 135 ✭✭Pacha


        I just found this post that I made about my son's infection on the other forum before I came here.

        'I just tried to run combofix again to get a new one and the antivirus tried to block it saying it was HIDDENEXT/Crypted
        then I got a message saying

        'not safe to continue
        the combofix package has been compromised.
        you may be infected with a file patching virus 'Virut'


      18. Closed Accounts Posts: 135 ✭✭Pacha


        Thanks for all your help earlier ASJ. ;)
        My computer's been working fine since your help.
        The only thing that doesn't work is Windows Movie Maker,
        which closes down as soon as it's loaded.
        I can't work out how to uninstall it or where to download a new version from.
        Anyone know a quick fix?
        The only advice I found was to turn on automatic updates, which I did.

