StevieG
Posts posted by StevieG
Hi,
I've got a friend's computer because he has been having a lot of problems with it for a while and he barely knows which end is which. After running some antivirus/anti-malware programs I found a lot of problems, so I've tried to fix them using information I found on this forum (thanks btw). I wondered if someone could look at the following reports and check if I have cleared everything please? I originally ran AVG, Spybot S+D, SuperAntiSpyware and HijackThis - all found problems first time and fixed them (and the second time they were run they came out clean). I then posted here only to find out that you no longer use these programs (I must have been looking at old threads) and 'TheTerrorist 75' advised me to run The Comedian, TFC, MBAM, Rooter, Rootrepeal and OTL - posting reports from the latter 4 in this thread.
I have run all the programs and the reports for each are below.
MBAM-Log-2009-08-09
Malwarebytes' Anti-Malware 1.40
Database version: 2586
Windows 5.1.2600 Service Pack 3
09/08/2009 20:07:03
mbam-log-2009-08-09 (20-07-03).txt
Scan type: Quick Scan
Objects scanned: 105227
Time elapsed: 56 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[sharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.2 (en-GB)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:133 Go )
D:\ [CD_Rom]
.
Scan : 20:40.09
Path : C:\Documents and Settings\robert\My Documents\Downloads\Rooter.exe
User : robert ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (444)
______ \??\C:\WINDOWS\system32\csrss.exe (492)
______ \??\C:\WINDOWS\system32\winlogon.exe (516)
______ C:\WINDOWS\system32\services.exe (560)
______ C:\WINDOWS\system32\lsass.exe (572)
______ C:\WINDOWS\system32\svchost.exe (732)
______ C:\WINDOWS\system32\svchost.exe (780)
______ C:\WINDOWS\System32\svchost.exe (844)
______ C:\WINDOWS\system32\svchost.exe (904)
______ C:\WINDOWS\system32\svchost.exe (940)
______ C:\WINDOWS\system32\LEXBCES.EXE (1156)
______ C:\WINDOWS\system32\LEXPPS.EXE (1200)
______ C:\WINDOWS\system32\spoolsv.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1712)
______ C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (1744)
______ C:\WINDOWS\system32\svchost.exe (1760)
______ c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe (1772)
______ c:\APPS\Powercinema\Kernel\TV\CLSched.exe (1816)
______ C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (1848)
______ C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (1876)
______ c:\APPS\HIDSERVICE\HIDSERVICE.exe (1888)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1920)
______ C:\WINDOWS\system32\slserv.exe (1972)
______ C:\WINDOWS\System32\PAStiSvc.exe (1992)
______ C:\WINDOWS\system32\svchost.exe (2008)
______ C:\WINDOWS\system32\wdfmgr.exe (2036)
______ C:\WINDOWS\System32\alg.exe (876)
______ C:\WINDOWS\Explorer.EXE (1540)
______ C:\WINDOWS\system32\wscntfy.exe (1548)
______ C:\WINDOWS\SOUNDMAN.EXE (1320)
______ C:\Apps\Powercinema\PCMService.exe (996)
______ C:\apps\ABoard\ABoard.exe (1368)
______ C:\WINDOWS\system32\rundll32.exe (1468)
______ C:\apps\ABoard\AOSD.exe (804)
______ C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (716)
______ C:\WINDOWS\system32\LVCOMSX.EXE (1684)
______ C:\Program Files\Logitech\Video\LogiTray.exe (2060)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2100)
______ C:\WINDOWS\system32\ctfmon.exe (2132)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (2148)
______ C:\WINDOWS\system32\sistray.exe (2216)
______ C:\Program Files\Logitech\Video\FxSvr2.exe (2568)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3524)
______ C:\Documents and Settings\robert\My Documents\Downloads\Rooter.exe (3456)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:160031015424)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:40.35
.
C:\Rooter$\Rooter_1.txt - (09/08/2009 | 20:40.35)
Files Infected:
C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/09 20:41
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF501B000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xFB0D5000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF43C4000 Size: 49152 File Visible: No Signed: -
Status: -
Name: sjglhuoq.sys
Image Path: sjglhuoq.sys
Address: 0xFAB91000 Size: 61440 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf51250b0
==EOF==
OTL logfile created on: 09/08/2009 20:47:17 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\robert\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
190.73 Mb Total Physical Memory | 38.93 Mb Available Physical Memory | 20.41% Memory free
477.15 Mb Paging File | 87.84 Mb Available in Paging File | 18.41% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 133.82 Gb Free Space | 89.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SN047570920348
Current User Name: robert
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - c:\APPS\HIDSERVICE\HIDSERVICE.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\slserv.exe ( )
PRC - C:\WINDOWS\System32\PAStiSvc.exe ()
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
PRC - C:\apps\ABoard\ABoard.exe (NEC Computers International)
PRC - C:\apps\ABoard\AOSD.exe (NEC Computers International)
PRC - C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)
PRC - C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\System32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Labtec Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\robert\My Documents\Downloads\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (CLCapSvc [Auto | Running]) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CLSched [Auto | Running]) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CyberLink Media Library Service [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (GenericHidService [Auto | Running]) -- c:\APPS\HIDSERVICE\HIDSERVICE.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (SLService [Auto | Running]) -- C:\WINDOWS\System32\slserv.exe ( )
SRV - (STI Simulator [Auto | Running]) -- C:\WINDOWS\System32\PAStiSvc.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys ( )
DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys ( )
DRV - (NtMtlFax [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys ( )
DRV - (PAC207 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pfc027.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVCD.sys (Labtec Inc.)
DRV - (ql1080 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RecAgent [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [system | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSRaid [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys (Silicon Integrated Systems)
DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys ( )
DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys ( )
DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Vireo Software)
DRV - (Sparrow [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A DA 2A A9 37 18 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/04 23:56:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 15:58:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 23:45:44 | 00,000,000 | ---D | M]
[2009/08/08 15:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\mozilla\Extensions
[2009/08/08 15:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/08 15:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\mozilla\Firefox\Profiles\2nusflcq.default\extensions
[2009/08/09 20:23:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/08 15:56:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/08 23:45:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/31 00:39:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/31 00:39:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/31 00:39:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 23:24:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/31 00:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 23:24:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/31 00:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 23:24:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/07/31 00:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/31 00:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 23:24:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (318425 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10945 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {17360AB9-DC99-0A86-9D8A-9C39F14ECBD0} - C:\DOCUME~1\jack\APPLIC~1\FILMBU~1\Platform 4.exe File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe (NEC Computers International)
O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [broadbandadvisor.exe] C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.DLL (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [type play htm bird] C:\Documents and Settings\All Users\Application Data\showwaytypeplay\Dash Grey.exe File not found
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\System32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\robert\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/08/09 20:40:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/09 18:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\Malwarebytes
[2009/08/09 18:59:16 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/09 18:59:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/09 18:59:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/09 18:59:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/09 18:59:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/09 18:54:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/09 18:46:44 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\robert\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/09 18:46:26 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\NTREGOPT.lnk
[2009/08/09 18:46:26 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\ERUNT.lnk
[2009/08/09 18:46:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/09 14:25:00 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\HijackThis.lnk
[2009/08/09 14:24:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/09 00:46:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/09 00:45:52 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/09 00:45:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/09 00:45:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\SUPERAntiSpyware.com
[2009/08/09 00:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/08 23:45:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/08 23:45:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/08 23:45:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/08 19:23:19 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/08 19:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/08 16:38:00 | 00,000,106 | ---- | C] () -- C:\delete.bat
[2009/08/08 16:16:48 | 00,000,000 | ---D | C] -- C:\NoLopBackups
[2009/08/08 16:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\My Documents\Downloads
[2009/08/08 15:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Local Settings\Application Data\Mozilla
[2009/08/08 15:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\Mozilla
[2009/08/08 15:56:14 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/08 15:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/08/08 14:55:46 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/08/08 14:51:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/07 22:42:49 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/07 22:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/07 22:19:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/07 22:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\AVG8
[2009/07/15 22:38:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/15 17:40:51 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/15 17:40:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/10 03:09:31 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/21 23:36:30 | 00,017,191 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/11/05 18:11:52 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/20 21:41:21 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/07/20 21:31:03 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/01/26 23:41:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/04/21 23:54:53 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/03/25 23:09:36 | 00,000,463 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2006/03/13 20:20:33 | 00,000,070 | ---- | C] () -- C:\WINDOWS\8F44503F.ini
[2006/02/13 16:49:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/14 20:58:24 | 00,000,290 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/01/10 22:35:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/10 22:18:08 | 00,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/01/10 22:06:27 | 00,083,822 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2006/01/10 22:06:11 | 00,097,929 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/01/10 22:05:16 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/01/10 22:05:14 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/10 21:57:38 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/01/10 21:57:38 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/01/10 21:57:38 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/01/10 21:57:38 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005/02/24 12:29:14 | 00,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/01/25 15:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/09/07 19:49:32 | 00,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 18:13:32 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:38:23 | 00,000,817 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 17:38:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/23 14:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 01:00:00 | 01,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 01:00:00 | 00,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 01:00:00 | 00,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 01:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 01:00:00 | 00,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 01:00:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 01:00:00 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[1980/01/01 01:00:00 | 00,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 01:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
========== Files - Modified Within 30 Days ==========
[2009/08/09 20:10:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/09 20:09:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/09 20:09:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/09 20:09:17 | 20,006,9120 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/09 20:07:05 | 00,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/08/09 18:59:16 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/09 18:46:44 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\robert\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/09 18:46:26 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\NTREGOPT.lnk
[2009/08/09 18:46:26 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\ERUNT.lnk
[2009/08/09 14:25:03 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\HijackThis.lnk
[2009/08/09 00:45:52 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/08 16:38:01 | 00,000,106 | ---- | M] () -- C:\delete.bat
[2009/08/08 16:19:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/08/08 16:19:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/08 15:56:14 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/08 15:33:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/08 15:33:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/08 15:26:26 | 00,000,280 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/08 15:26:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/08 14:56:58 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/31 23:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/07/31 23:01:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/26 14:29:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/07/26 14:29:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 14:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 14:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/15 22:33:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/15 22:33:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/14 21:03:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/07/14 21:03:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/07/13 17:35:05 | 00,000,290 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
========== LOP Check ==========
[2009/08/09 18:59:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/03/13 20:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blueyonder
[2006/10/29 14:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/08/07 22:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
[2004/08/10 18:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/11/11 19:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\showwaytypeplay
[2008/05/02 15:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/01/10 22:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/08 19:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2002/01/05 11:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2006/01/17 22:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/09 18:59:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\robert\Application Data
[2006/02/28 20:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\CyberLink
[2002/01/13 09:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\MSNInstaller
[2008/07/13 12:40:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Template
[2009/08/08 19:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Virgin Broadband
[2006/01/10 22:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\You've Got Pictures Screensaver
[2006/01/17 22:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Zylom
[2009/08/09 20:07:05 | 00,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/09 20:09:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\System32\antiwpa.dll >
< %systemroot%\SYSTEM32\wpa.dll >
< %systemroot%\setup\scripts\biestart.exe >
< %systemroot%\system32\drivers\royal.sys >
< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >
< %TEMP%\antiwpa_crypt.dll >
< %TEMP%\antiwpa.dll /s >
< %PROGRAMFILES%\antiwpa.dll /s >
< %systemroot%\system32\crypt.dll >
< %TEMP%\crypt.dll >
< %SYSTEMDRIVE%\*. >
[2009/08/09 20:13:39 | 00,000,000 | ---D | M] -- C:
[2009/08/09 12:55:17 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
[2006/11/19 01:26:59 | 00,000,000 | ---D | M] -- C:\1ff0fa629997e3d5ebe17ff2138ad331
[2007/02/18 14:35:35 | 00,000,000 | ---D | M] -- C:\82bc21b50213486ee7ac61
[2007/03/21 12:57:47 | 00,000,000 | ---D | M] -- C:\85108b9cb6c0cf6a4e860097f8d7
[2006/12/09 12:38:06 | 00,000,000 | ---D | M] -- C:\a6c50bca84b8871a5c0d7c4fa36c93
[2006/01/10 22:29:55 | 00,000,000 | ---D | M] -- C:\APPS
[2006/01/10 22:13:53 | 00,000,000 | RHSD | M] -- C:\cmdcons
[2009/08/09 00:46:01 | 00,000,000 | -HSD | M] -- C:\Config.Msi
[2007/05/27 12:39:03 | 00,000,000 | ---D | M] -- C:\ConvertTemp
[2006/01/10 22:17:42 | 00,000,000 | -H-D | M] -- C:\DIVTOOLS
[2008/01/10 13:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2006/01/10 23:51:39 | 00,000,000 | -HSD | M] -- C:\DRIVERS
[2007/07/12 08:07:27 | 00,000,000 | ---D | M] -- C:\f9e766ca629ee8423148
[2007/04/06 11:17:50 | 00,000,000 | -HSD | M] -- C:\found.000
[2008/02/17 11:22:14 | 00,000,000 | -HSD | M] -- C:\found.001
[2006/01/10 22:17:05 | 00,000,000 | ---D | M] -- C:\My Music
[2009/08/08 16:22:00 | 00,000,000 | ---D | M] -- C:\NoLopBackups
[2006/01/10 22:39:38 | 00,000,000 | -H-D | M] -- C:\PNP
[2009/08/09 18:59:07 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/08/08 16:30:10 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/08/09 20:40:35 | 00,000,000 | ---D | M] -- C:\Rooter$
[2006/01/10 22:06:16 | 00,000,000 | ---D | M] -- C:\SiS VGA Utilities V3.65
[2006/01/10 23:50:40 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/08/09 18:54:00 | 00,000,000 | ---D | M] -- C:\WINDOWS
< %SYSTEMDRIVE%\*.* >
[2006/01/10 22:09:42 | 00,000,210 | RHS- | M] () -- C:\BOOT.BAK
[2006/01/10 23:52:18 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/08/04 15:00:00 | 00,260,272 | RHS- | M] () -- C:\cmldr
[2009/08/08 16:38:01 | 00,000,106 | ---- | M] () -- C:\delete.bat
[2006/01/10 22:52:58 | 00,005,365 | ---- | M] () -- C:\DWNLOG.TXT
[2006/06/25 20:31:11 | 00,000,047 | ---- | M] () -- C:\GESYSTEM.LOG
[2009/08/09 20:09:17 | 20,006,9120 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/23 20:55:31 | 29,729,198 | ---- | M] () -- C:\hopelessrob.cm4
[2006/01/10 22:13:34 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/01/10 22:17:42 | 00,000,882 | -H-- | M] () -- C:\IPH.PH
[2006/01/10 22:52:58 | 00,005,365 | ---- | M] () -- C:\MCDLOG.TXT
[2006/06/25 20:31:10 | 00,000,047 | ---- | M] () -- C:\MEM.LOG
[2006/01/10 22:13:34 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/08 16:41:27 | 00,005,617 | ---- | M] () -- C:\NoLop.log
[2009/08/08 16:30:38 | 00,005,648 | ---- | M] () -- C:\NoLopOLD.log
[2004/08/04 15:00:00 | 00,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2008/08/19 13:58:23 | 00,250,048 | ---- | M] () -- C:\NTLDR
[2009/08/09 20:41:35 | 31,677,6448 | -HS- | M] () -- C:\pagefile.sys
[2009/08/09 20:41:38 | 00,002,026 | ---- | M] () -- C:\RootRepeal report 08-09-09 (20-41-38).txt
[2009/07/15 22:33:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/26 14:29:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/07/31 23:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/08 15:26:26 | 00,000,280 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/08 15:33:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/08 16:19:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/04 22:14:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/05 12:21:52 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/05 12:26:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/05 12:29:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/22 11:27:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/12 15:48:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/12 16:12:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/06/12 23:05:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/06/13 21:16:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/06/14 12:13:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/06/14 12:46:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/06/14 12:49:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/06/14 12:54:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/07/14 21:03:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/07/15 22:33:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/26 14:29:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/31 23:01:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/08 15:26:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/08 15:33:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/08 16:19:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/04 22:14:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/05 12:21:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/05 12:26:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/05 12:29:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/22 11:27:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/12 15:48:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/06/12 16:12:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/06/12 23:05:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/13 21:16:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/06/14 12:13:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/06/14 12:46:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/06/14 12:49:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/06/14 12:54:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/07/14 21:03:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/01/10 22:52:58 | 00,000,000 | ---- | M] () -- C:\UPDFLOP.TAG
< %PROGRAMFILES%\*. >
[2009/08/09 18:59:07 | 00,000,000 | R--D | M] -- C:\Program Files
[2006/01/10 22:15:27 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/01/15 12:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\AOL 9.0
[2006/01/10 22:17:39 | 00,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2009/08/07 22:20:03 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2006/01/10 22:05:18 | 00,000,000 | ---D | M] -- C:\Program Files\AvRack
[2008/04/17 16:54:01 | 00,000,000 | ---D | M] -- C:\Program Files\BingoLinerUK
[2007/07/17 13:38:26 | 00,000,000 | ---D | M] -- C:\Program Files\Bodog Poker
[2006/01/28 16:44:18 | 00,000,000 | ---D | M] -- C:\Program Files\Bullfrog
[2009/08/08 19:06:06 | 00,000,000 | ---D | M] -- C:\Program Files\CA
[2006/04/14 16:04:39 | 00,000,000 | ---D | M] -- C:\Program Files\Codemasters
[2009/08/09 00:43:33 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/08/08 19:02:49 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/01/10 22:24:29 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/04/19 20:29:10 | 00,000,000 | ---D | M] -- C:\Program Files\DownloadManager
[2006/04/21 19:24:33 | 00,000,000 | ---D | M] -- C:\Program Files\Eidos Interactive
[2009/08/09 18:46:44 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2006/11/18 18:32:38 | 00,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2008/04/29 15:44:02 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2006/02/13 17:16:16 | 00,000,000 | ---D | M] -- C:\Program Files\iMeshBar
[2008/05/02 21:07:11 | 00,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2009/08/08 15:03:18 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/08/08 23:45:06 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2006/01/10 22:17:30 | 00,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2007/07/19 12:15:01 | 00,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/08/09 18:59:22 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/10/28 18:09:46 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis
[2008/08/19 14:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/13 23:36:55 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/10 17:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/01/10 22:27:59 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/07/20 21:20:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mingjong
[2008/08/19 14:06:26 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/09 20:13:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2002/01/13 09:38:43 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/01/13 17:00:04 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2006/11/18 18:31:18 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Games
[2004/08/10 17:54:32 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/19 01:26:56 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/08/19 14:02:18 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/08/10 17:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/08/19 14:02:12 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/05/04 22:56:25 | 00,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2007/07/20 21:19:24 | 00,000,000 | ---D | M] -- C:\Program Files\PC Camera
[2002/01/13 09:39:47 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2006/01/10 22:05:18 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2006/01/10 22:29:00 | 00,000,000 | ---D | M] -- C:\Program Files\Sonic
[2006/02/13 16:42:30 | 00,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2007/08/18 19:47:41 | 00,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
[2009/08/09 18:36:14 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/09 00:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/08/09 14:24:47 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/05/02 16:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2004/08/10 18:04:40 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/04/21 23:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\Vg
[2006/01/10 22:17:29 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/08/08 19:06:09 | 00,000,000 | ---D | M] -- C:\Program Files\Virgin Broadband
[2008/09/14 20:04:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2008/09/14 20:05:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2008/09/14 20:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2007/07/20 21:20:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2002/01/05 11:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/19 14:02:12 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 17:57:02 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/11/27 18:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\WordBiz
[2004/08/10 17:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/07/19 12:09:59 | 00,000,000 | ---D | M] -- C:\Program Files\Zylom Games
< %systemroot%\*.exe >
[2004/09/01 21:04:00 | 00,139,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2004/11/05 17:29:00 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2004/11/24 15:05:54 | 00,032,768 | ---- | M] () -- C:\WINDOWS\InstFunc.exe
[1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2008/04/14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/14 01:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2003/07/02 18:03:48 | 00,024,576 | ---- | M] () -- C:\WINDOWS\slrundll.exe
[2003/07/02 18:44:48 | 00,061,440 | ---- | M] () -- C:\WINDOWS\SmCfg.exe
[2005/01/20 21:04:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2004/08/04 15:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2004/08/04 15:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2004/08/04 15:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2004/08/04 15:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2008/04/14 01:12:39 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2008/04/27 15:04:10 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
< %systemroot%\system32\drivers\*.exe >
< %systemroot%\system32\drivers\*.dat >
[2005/03/17 16:35:52 | 00,001,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\alcxinit.dat
< %systemroot%\system\*.exe >
< %PROGRAMFILES%\*.* >
< %APPDATA%\*.* >
[2004/08/10 17:47:10 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\robert\Application Data\desktop.ini
[2006/07/10 19:41:30 | 01,414,801 | ---- | M] () -- C:\Documents and Settings\robert\Application Data\Install.dat
< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\robert\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SN047570920348
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\robert
LOGONSERVER=\\SN047570920348
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\robert\LOCALS~1\Temp
TMP=C:\DOCUME~1\robert\LOCALS~1\Temp
USERDOMAIN=SN047570920348
USERNAME=robert
USERPROFILE=C:\Documents and Settings\robert
windir=C:\WINDOWS
< End of report >
OTL Extras logfile created on: 09/08/2009 20:47:17 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\robert\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
190.73 Mb Total Physical Memory | 38.93 Mb Available Physical Memory | 20.41% Memory free
477.15 Mb Paging File | 87.84 Mb Available in Paging File | 18.41% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 133.82 Gb Free Space | 89.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SN047570920348
Current User Name: robert
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA -- File not found
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA -- File not found
"C:\Program Files\iMesh\iMesh5\iMesh.exe" = C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5 -- File not found
"C:\Program Files\p2pnetworks\p2pnetworks.exe" =
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\BingoLinerUK\LinerUK.exe" = C:\Program Files\BingoLinerUK\LinerUK.exe:*:Enabled:BingoLiner UK -- (Leap Frog Gaming)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{10C1A383-5FB9-4868-859C-E64F6822E9C8}" = Sony Ericsson Mobile Phone Monitor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{2F84AD97-6952-4801-A20B-7C8DD1E9A301}" = CapMan
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Labtec WebCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE
"{ECF6CB25-95A7-403F-89C2-F72E44EFE0CB}" = PC Suite
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus
"Lexmark Z600 Series" = Lexmark Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Labtec® Camera Driver
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.14
"SiS VGA Driver" = SiS VGA Utilities
"Ulead COOL 360 1.0" = Ulead COOL 360 1.0
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31/07/2009 16:22:19 | Computer Name = SN047570920348 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 31/07/2009 16:22:20 | Computer Name = SN047570920348 | Source = Application Error | ID = 1000
Description = Faulting application bleh dale.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 31/07/2009 16:23:47 | Computer Name = SN047570920348 | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 8.5.1302.1018, faulting
module msidcrl40.dll, version 4.100.313.1, fault address 0x00084c40.
Error - 08/08/2009 09:42:43 | Computer Name = SN047570920348 | Source = Application Hang | ID = 1002
Description = Hanging application RPS.exe, version 6.0.1.22212, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 08/08/2009 10:28:18 | Computer Name = SN047570920348 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 08/08/2009 11:34:43 | Computer Name = SN047570920348 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3497, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 08/08/2009 11:53:22 | Computer Name = SN047570920348 | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.5.0.401, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011836.
Error - 08/08/2009 14:01:21 | Computer Name = SN047570920348 | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "SELECT * FROM PDEvent"
whose target class "PDEvent" does not exist. The query will be ignored.
Error - 08/08/2009 14:22:16 | Computer Name = SN047570920348 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 08/08/2009 14:22:16 | Computer Name = SN047570920348 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
[ System Events ]
Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The CyberLink Task Scheduler (CTS) service terminated unexpectedly.
It has done this 1 time(s).
Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The CyberLink Media Library Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The Generic Service for HID Keyboard Input Collections service terminated
unexpectedly. It has done this 1 time(s).
Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).
Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 09/08/2009 13:49:30 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The STI Simulator service terminated unexpectedly. It has done this
1 time(s).
Error - 09/08/2009 13:49:31 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).
Error - 09/08/2009 13:52:40 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2
Error - 09/08/2009 15:09:38 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2
Error - 09/08/2009 15:09:40 | Computer Name = SN047570920348 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
< End of report >
Thanks for any help you can provide. Aside from any outstanding malware/viruses etc., if there are any useless programs installed (or processes etc.) that I can get rid of, I would love to know, because his system has started to run faster with some of the junk gone but it's still not great.
Thanks again
Steve
EDIT: Sorry, I forgot to mention 2 things.
Firstly one of his sons had downloaded 'limewire' which might be where all the malware/viruses were coming from - I've deleted it and checked for other p2p programs but can't see any (if there is something listed above it's because I haven't seen it but I will gladly delete anything else - his sons won't be downloading p2p things again).
Second, when I ran OTL and closed it I realised there was an option for 'All Users'. I hadn't clicked this because I was following the directions for 'How To Post An OTL Log' to the letter. There are 3 user accounts on this computer - my friend and his two sons - and I'm not sure if this will affect the information you get from the report or not.
Thanks
-
Hi,
I'm trying to help a friend who has had a lot of problems with his computer and I wanted someone to check that I've fixed everything (or help finish if I haven't got all the programs) please. Basically I found a lot of LOP type programs (Chin Ping Phone Pile etc) and other stuff so I searched online and followed directions on this site for removing them. So far I have run AVG, Spybot, SuperAntiSpyware and HijackThis and all found problems and removed them (and they all now show as 'system clear' when run, except for HijackThis, which I don't have enough knowledge of to say for sure this is the case). I will post the log below and would appreciate it if anyone could have a look over it and check it for me.
Many thanks
Malware / Lop Problems
in Windows 10, 8, 7, Vista, and XP
Posted
Thanks for your help TheTerrorist 75
I followed the instructions in your post and have now created a new thread with the correct information in it (I hope). Sorry about posting in the wrong forum - my only excuse is I am working on my computer and trying to fix my friend's at the same time before he has to leave with it (he's only visiting for a few days) but I should have paid more attention.
Thanks again