Ok I followed all the stuff in the Malware Threads and the slserv.exe is still running at start up and can't be deleted. I wondered - should I try it in safe mode?
Anyway - here are my logs - I hope this is everything you need. Let me know if there is anything else I can try.
Oh, btw - I had closed the slserv.exe in the task manager before doing all this so it';s not listed in the log. I hope that doesn't call problems - the thing is I can't run my laptop with it running as it easts CPU.
ROOTER LOGMicrosoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:57223 Mo/Free:1432 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
25/04/2009|23:06
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
---------- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
---------- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
---------- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
---------- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
---------- C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe
---------- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Jemma\Application Data\Azureus\torrents\+{mininova.org}+ NVIDIA PureVideo Decoder v1 02 233 Incl Keygen-SSG rar.torrent
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\Tracked_by_Demonoid_com.txt
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.exe
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack\WinRaR v3.40 Crack By TEAM
[email protected]1 - "C:\Rooter$\Rooter_1.txt" - 25/04/2009|23:08
----------------------\\ Scan completed at 23:08
OTLI logOTListIt logfile created on: 25/04/2009 23:11:45 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Jemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.36 Mb Total Physical Memory | 551.98 Mb Available Physical Memory | 53.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.40 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JEMMASLAPTOP
Current User Name: Jemma
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ========== PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Jemma\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HotspotShieldService [Auto | Running]) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv [Auto | Running]) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (SLService [Auto | Stopped]) -- C:\WINDOWS\system32\slserv.exe (Smart Link)
SRV - (TMBMServer [Auto | Running]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [On_Demand | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (tmproxy [On_Demand | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV - (AR5523 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wg11tnd5.sys (NETGEAR, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (DNINDIS5 [On_Demand | Running]) -- C:\WINDOWS\System32\DNINDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DP83815 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (FA312 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HssDrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys ( )
DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys ( )
DRV - (NtMtlFax [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys ( )
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RecAgent [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sea1bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sea1bus.sys (MCCI)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys ( )
DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys ( )
DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Vireo Software)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (tapvpn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tapvpn.sys (The OpenVPN Project)
DRV - (tmactmon [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\vsapint.sys (Trend Micro Inc.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.co.uk/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "IMDb"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.19.1
FF - prefs.js..extensions.enabledItems:
[email protected]:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.4.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 21:13:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 21:13:45 | 00,000,000 | ---D | M]
[2008/09/08 18:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Extensions
[2008/09/08 18:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/25 12:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions
[2009/04/03 13:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/09/08 18:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2007/10/20 22:09:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions\
[email protected][2008/06/22 21:15:50 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Jemma\Application Data\Mozilla\FireFox\Profiles\ozntwpuz.default\searchplugins\IMDb.xml
[2008/06/22 21:15:50 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Jemma\Application Data\Mozilla\FireFox\Profiles\ozntwpuz.default\searchplugins\wikipedia.xml
[2009/04/25 12:09:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 21:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/18 23:43:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/28 15:15:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/18 21:19:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/29 18:36:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/23 21:13:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 21:13:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (848 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R320 Series on P180] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P43 "Auto EPSON Stylus Photo R320 Series on P180" /O15 "\\P180\Printer3" /M "Stylus Photo R320" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.micros...b?1137856395541 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{C62C0F5C-E356-4BF7-A87E-BAA20762F887}\\NameServer = 213.208.106.213,213.208.106.212
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{e8d4fee2-0177-11dc-ad4a-000fb59bae59}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
========== Files/Folders - Created Within 30 Days ========== [3 C:\WINDOWS\System32\*.tmp files]
[2019/01/23 00:55:21 | 00,000,012 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2019/01/23 00:51:45 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/04/25 23:09:09 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jemma\Desktop\OTListIt2.exe
[2009/04/25 23:06:03 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 23:05:44 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\Rooter.exe
[2009/04/25 22:19:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/25 22:19:44 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/25 22:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/25 22:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jemma\Application Data\SUPERAntiSpyware.com
[2009/04/25 22:19:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/25 22:18:21 | 06,289,952 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\SUPERAntiSpyware.exe
[2009/04/25 12:42:56 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/25 12:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/25 12:41:38 | 00,175,504 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\activescan2_en.exe
[2009/04/25 12:27:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jemma\Application Data\Malwarebytes
[2009/04/25 12:27:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/25 12:27:41 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 12:27:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/25 12:27:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/25 12:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/25 12:06:41 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jemma\Desktop\mbam-setup.exe
[2009/04/23 22:16:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/04/23 21:59:25 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/04/23 21:59:25 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/04/23 21:59:25 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/04/23 21:58:54 | 00,000,799 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Trend Micro Internet Security.lnk
[2009/04/23 21:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/23 21:49:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro Anti Virus
[2009/04/23 21:24:44 | 81,779,752 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Jemma\Desktop\TrendMicro_TIS_16.1_1063_x32.exe
[2009/04/23 21:19:42 | 00,418,816 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\TIS_2008_installation_guideline_for_SHELL.DOC
[2009/04/15 22:24:38 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 22:24:38 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 22:24:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 22:24:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 22:24:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 22:24:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 22:24:34 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 22:24:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 22:24:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 22:21:54 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 22:21:53 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 22:21:53 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 19:52:51 | 00,082,174 | ---- | C] () -- C:\DOCUME~1\Jemma\My Documents\Tesco.com - Your Grocery or..0002.tif
[2009/03/30 13:04:27 | 00,026,112 | ---- | C] () -- C:\DOCUME~1\Jemma\My Documents\tax letter.doc
[2009/03/29 16:18:18 | 30,426,779 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\Aqualung - Still Life.piz
[2007/11/25 21:42:52 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/25 21:33:32 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER320.ini
[2006/09/22 18:58:44 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/12 22:03:02 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/30 22:58:08 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/30 22:01:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/22 23:29:11 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/01/21 16:01:25 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/01/21 16:01:25 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/01/21 15:37:26 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/01/21 15:37:26 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/01/21 15:37:26 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2006/01/21 15:28:18 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005/10/14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 10:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2003/04/24 18:20:00 | 00,521,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/04/24 18:20:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/04/24 18:20:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/04/24 18:20:00 | 00,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/04/24 18:19:00 | 01,295,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/04/24 18:19:00 | 00,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2003/04/24 18:19:00 | 00,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/04/24 18:19:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2002/08/29 13:00:00 | 00,000,523 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ========== [3 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/25 23:10:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 23:09:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jemma\Desktop\OTListIt2.exe
[2009/04/25 23:05:56 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\Rooter.exe
[2009/04/25 22:51:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 22:51:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 22:19:44 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/25 22:18:21 | 06,289,952 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\SUPERAntiSpyware.exe
[2009/04/25 12:41:39 | 00,175,504 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\activescan2_en.exe
[2009/04/25 12:27:41 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 12:07:17 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jemma\Desktop\mbam-setup.exe
[2009/04/23 21:58:54 | 00,000,799 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Trend Micro Internet Security.lnk
[2009/04/23 21:39:27 | 81,779,752 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Jemma\Desktop\TrendMicro_TIS_16.1_1063_x32.exe
[2009/04/23 21:23:22 | 00,000,523 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/23 21:23:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/23 21:23:22 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/23 21:19:44 | 00,418,816 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\TIS_2008_installation_guideline_for_SHELL.DOC
[2009/04/21 15:12:24 | 00,000,574 | ---- | M] () -- C:\DOCUME~1\Jemma\My Documents\My Sharing Folders.lnk
[2009/04/21 12:25:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 12:25:44 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Jemma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 15:00:35 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 15:00:35 | 00,381,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 15:00:35 | 00,053,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 19:52:53 | 00,082,174 | ---- | M] () -- C:\DOCUME~1\Jemma\My Documents\Tesco.com - Your Grocery or..0002.tif
[2009/04/06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 13:04:27 | 00,026,112 | ---- | M] () -- C:\DOCUME~1\Jemma\My Documents\tax letter.doc
[2009/03/29 16:24:27 | 30,426,779 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\Aqualung - Still Life.piz
[2009/03/27 07:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
< End of report >
EXTRASOTListIt Extras logfile created on: 25/04/2009 23:11:45 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Jemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.36 Mb Total Physical Memory | 551.98 Mb Available Physical Memory | 53.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.40 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JEMMASLAPTOP
Current User Name: Jemma
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 File not found
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus File not found
C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord (www.BitLord.com)
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 File not found
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe:*:Enabled:Gizmo Project for LJ Talk File not found
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe:*:Disabled:Bonjour File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D}" = DP8381x 10/100 PCI Network Adapter Driver
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{668B2B3A-4241-409F-A4AE-79B5016A487E}" = Sony Ericsson PC Suite
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR320 Reference Guide" = ESPR320 Reference Guide
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HotspotShield" = Hotspot Shield 1.12
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D}" = DP8381x 10/100 PCI Network Adapter Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Paradise Poker" = Paradise Poker
"RealPlayer 6.0" = RealPlayer
"SLAMRNTV" = Smart Link 56K Modem
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 10/08/2008 08:53:28 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.7.1.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/08/2008 08:57:46 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.7.1.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/08/2008 11:33:44 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/11/2008 16:48:15 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application PhotoshopElements.exe, version 2.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/03/2009 08:51:44 | Computer Name = JEMMASLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
version 0.0.0.0, fault address 0x000058f3.
Error - 17/03/2009 13:14:55 | Computer Name = JEMMASLAPTOP | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\DOCUME~1\Jemma\LOCALS~1\Temp\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi
Error - 30/03/2009 15:12:17 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application pccguide.exe, version 15.30.0.1231, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 30/03/2009 15:12:17 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application pccguide.exe, version 15.30.0.1231, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 30/03/2009 15:13:24 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 396083397.
Error - 30/03/2009 15:13:57 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 24/04/2009 10:00:22 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 25/04/2009 06:51:57 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2
Error - 25/04/2009 06:56:15 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).
Error - 25/04/2009 07:37:02 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2
Error - 25/04/2009 07:37:02 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
Error - 25/04/2009 07:38:44 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).
Error - 25/04/2009 17:42:42 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2
Error - 25/04/2009 17:43:39 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).
Error - 25/04/2009 17:51:17 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2
Error - 25/04/2009 17:51:35 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).
< End of report >