Can't access router after virus removal



#1
robinary

Hi guys,

I've been given a friend's machine that wouldn't complete Windows updates.

The machine would link to the internet directly plugged into my router.

I have removed Virtumonde using SuperAntiSpyware Free.

Removed Win32:BHO-BG, Win32:Agent-HOP, Win32:Trojano-2280 with Avast Antivirus.

Now I can't connect to the internet or ping my router.

Ipconfig shows my autoconfiguration IP address as 169.254.21.89.

Default gateway: 169.254.21.89

ipconfig /release

then ipconfig /renew

tells me that it was unable to connect to my DHCP server.

Can you help?
#2
robinary

I've now read the malware removal guide, and have followed the instructions.

Here are my logs:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

19/08/2009 11:38:29
mbam-log-2009-08-19 (11-38-23).txt

Scan type: Quick Scan
Objects scanned: 105668
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\eeshellx.shellext (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0e6117e2-c367-4be3-8045-52669e71b5df} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f272845d-cec2-4f95-92ee-6d08fdfbd471} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7c6e906-b0b8-4810-ae82-71809ed409eb} (Rogue.EvidenceEliminator) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a7c6e906-b0b8-4810-ae82-71809ed409eb} (Rogue.EvidenceEliminator) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\Eeshellx.dll (Rogue.EvidenceEliminator) -> No action taken.
C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk (Rogue.EvidenceEliminator) -> No action taken.
C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk (Rogue.EvidenceEliminator) -> No action taken.
C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk (Rogue.EvidenceEliminator) -> No action taken.
C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk (Rogue.EvidenceEliminator) -> No action taken.

OTL logfile created on: 19/08/2009 11:54:15 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = F:\Computer Recovery
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

511.49 Mb Total Physical Memory | 209.38 Mb Available Physical Memory | 40.94% Memory free
1.47 Gb Paging File | 1.15 Gb Available in Paging File | 78.48% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 192.00 Gb Total Space | 170.55 Gb Free Space | 88.83% Space Free | Partition Type: FAT32
Drive D: | 40.84 Gb Total Space | 40.48 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1003.34 Mb Total Space | 957.23 Mb Free Space | 95.40% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E5P3Q0
Current User Name: Dave Scholes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/05 21:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2001/08/09 02:01:00 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe
PRC - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/14 01:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/10/15 18:00:20 | 01,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe
PRC - [2007/10/31 10:19:50 | 00,378,784 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
PRC - [2003/09/11 04:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
PRC - [2007/06/14 18:32:40 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2009/02/05 21:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2009/04/25 11:56:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dave Scholes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2002/04/07 07:22:12 | 00,036,864 | ---- | M] (Unitek) -- C:\Program Files\HotKey\HotKey.exe
PRC - [2004/02/11 09:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\Wzqkpick.exe
PRC - [2002/04/16 16:11:28 | 00,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/11 14:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2004/08/04 12:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/08/19 09:39:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\Computer Recovery\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 21:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2001/08/09 02:01:00 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/04/06 21:03:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b6f2c14c47d0 [Auto | Stopped])
SRV - [2009/04/06 21:00:36 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/03 15:49:08 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 21:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2009/02/05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 21:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 21:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2004/08/03 22:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2002/11/18 15:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running])
DRV - [2006/03/15 10:51:52 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2008/04/13 19:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/08/17 13:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Running])
DRV - [2009/07/03 15:49:10 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/02/24 12:29:14 | 00,162,176 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\pfc027.sys -- (PAC207 [On_Demand | Stopped])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/12/11 22:11:30 | 00,030,464 | ---- | M] (THOMSON Telecom Belgium) -- C:\WINDOWS\System32\drivers\st330.sys -- (ST330 [On_Demand | Stopped])
DRV - [2006/12/11 22:11:30 | 00,012,672 | ---- | M] (THOMSON Telecom Belgium) -- C:\WINDOWS\System32\drivers\stbus.sys -- (STBUS [On_Demand | Stopped])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2006/12/11 22:11:32 | 00,032,000 | ---- | M] (THOMSON Telecom Belgium) -- C:\WINDOWS\System32\DRIVERS\stppp.sys -- (stppp [On_Demand | Stopped])
DRV - [2005/07/20 02:45:18 | 00,366,736 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/17 10:19:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/17 12:41:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2005/04/21 21:49:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2005/04/21 21:49:42 | 00,000,000 | ---D | M]

[2005/09/20 22:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\mozilla\Firefox\Profiles\s7tnst7j.default\extensions
[2005/04/21 21:59:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/04/21 21:59:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/17 15:51:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/03/01 20:02:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2008/02/15 11:30:34 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/02/15 11:30:32 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\MYSPELL.DLL
[2008/02/15 11:30:34 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/02/15 11:30:32 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/02/15 11:30:32 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/09/15 18:26:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2004/06/09 16:03:02 | 00,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/02/15 11:30:34 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/08/17 12:17:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/17 12:17:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/17 12:17:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/17 12:17:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/17 12:17:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/17 12:17:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/17 12:17:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/01/18 10:51:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/18 10:51:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/18 10:51:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/18 10:51:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/18 10:51:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/18 10:51:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/14 05:13:50 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\SysTray.Exe (Microsoft Corporation)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Dave Scholes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe (Unitek)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\Wzqkpick.exe (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1146503860119 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://80.176.132.84...sCamControl.cab (CamImage Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.n...nt/TIClient.cab (ClientPlugin Object)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/02 12:25:52 | 00,000,228 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/08/24 20:34:26 | 00,000,349 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/04/21 22:00:52 | 00,000,310 | ---- | M] () - C:\AUTOEXEC.001 -- [ FAT32 ]
O32 - AutoRun File - [2005/04/22 10:06:08 | 00,000,330 | ---- | M] () - C:\AUTOEXEC.002 -- [ FAT32 ]
O33 - MountPoints2\{f61abaf0-5ec4-11db-b429-000e50e552be}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/08/19 11:38:45 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\deopeti.sys
[2009/08/19 10:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Scholes\Application Data\Malwarebytes
[2009/08/19 10:49:21 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/19 10:49:18 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/19 10:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/19 10:49:16 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/19 10:49:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/19 10:48:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/19 10:48:18 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/19 10:48:15 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Dave Scholes\Desktop\NTREGOPT.lnk
[2009/08/19 10:48:15 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Dave Scholes\Desktop\ERUNT.lnk
[2009/08/19 10:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/17 18:02:34 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/08/17 17:54:31 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2009/08/17 17:54:30 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/08/17 17:54:29 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/08/17 17:54:29 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/08/17 17:54:28 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/08/17 17:54:27 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/08/17 17:54:27 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/08/17 17:54:26 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/08/17 17:54:25 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/08/17 17:54:24 | 00,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2009/08/17 17:54:23 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/08/17 17:54:23 | 00,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2009/08/17 17:54:22 | 00,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2009/08/17 17:54:22 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2009/08/17 17:54:21 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/08/17 17:54:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009/08/17 17:54:20 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2009/08/17 17:54:19 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/08/17 17:54:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/08/17 17:54:18 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/08/17 17:54:18 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/08/17 17:54:17 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2009/08/17 17:54:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/08/17 17:53:48 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/08/17 16:15:14 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/17 16:01:20 | 00,000,053 | ---- | C] () -- C:\WINDOWS\System32\robin.bat
[2009/08/17 14:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Scholes\Application Data\Uniblue
[2009/08/17 14:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/08/17 12:51:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/17 12:50:57 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/17 12:49:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/17 12:49:45 | 00,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/17 12:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/08/17 12:49:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/17 12:47:58 | 00,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RichTx32.ocx
[2009/08/17 12:47:58 | 00,143,360 | ---- | C] (Robin Hood Software Ltd) -- C:\WINDOWS\System32\EEGenFn1.dll
[2009/08/17 12:47:58 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.ocx
[2009/08/17 12:47:58 | 00,114,696 | ---- | C] (Teletech Systems, Inc.) -- C:\WINDOWS\System32\Fablock6.ocx
[2009/08/17 12:47:58 | 00,040,712 | ---- | C] (evidence-eliminator.com) -- C:\WINDOWS\System32\eetransx.exe
[2009/08/17 12:47:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSGHOO32.OCX
[2009/08/17 12:47:58 | 00,024,620 | ---- | C] () -- C:\WINDOWS\System32\alert2093.wav
[2009/08/17 12:47:56 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2009/08/17 12:40:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/17 12:40:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/17 12:40:46 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/17 12:40:03 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/17 12:40:03 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/17 12:40:03 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/17 12:40:03 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/17 12:40:03 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/17 12:40:03 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/17 12:40:03 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/17 12:40:02 | 00,000,000 | ---D | C] -- C:\11c5ab69cfafa803dc06
[2009/08/17 12:39:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/17 12:21:41 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/17 12:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/17 12:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/17 12:20:01 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/17 12:18:18 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/08/17 12:17:32 | 00,001,508 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/17 12:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/08/17 11:11:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/17 11:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/17 11:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Scholes\Application Data\SUPERAntiSpyware.com
[2009/08/17 11:01:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Scholes\Application Data\Lavasoft
[2009/08/17 11:00:44 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 11:00:44 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/17 11:00:43 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 11:00:42 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 11:00:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/17 11:00:39 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 11:00:39 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 11:00:38 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 11:00:38 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 11:00:04 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 11:00:04 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/17 11:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/17 10:19:37 | 00,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2009/08/17 10:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2009/08/17 10:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2009/08/17 10:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/17 10:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/17 09:44:34 | 00,000,000 | ---D | C] -- C:\4f09c0126f0d3318cbeedc81397637bb
[2009/08/17 09:44:31 | 00,000,000 | ---D | C] -- C:\300ba998c828062c6f
[2009/08/17 09:02:01 | 00,000,000 | ---D | C] -- C:\c4a4795dc1a87bb7e237da8ea6
[2009/08/17 09:01:51 | 00,000,000 | ---D | C] -- C:\87fd18875255612ac7a1ebfe58683e3e
[2009/08/16 18:00:04 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009/08/16 17:55:12 | 00,000,000 | ---D | C] -- C:\d0fa0837d463674fb6
[2009/08/16 17:55:09 | 00,000,000 | ---D | C] -- C:\b7277e104d2193096e0d1cb3fe2ffb02
[2009/08/16 15:12:47 | 00,000,000 | ---D | C] -- C:\6f30fc777cd001a3a6a25597be147d15
[2009/08/16 15:12:43 | 00,000,000 | ---D | C] -- C:\a4ba16524d284e3723153c2750
[2009/08/16 09:22:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2009/08/16 09:05:59 | 00,000,000 | ---D | C] -- C:\f149f9a4fc6194b48455
[2009/08/16 09:05:55 | 00,000,000 | ---D | C] -- C:\9b26b4b8f7c9d0fec90359b9
[2009/08/15 08:16:42 | 00,000,000 | ---D | C] -- C:\709f88739fec69c0ae
[2009/08/15 08:16:34 | 00,000,000 | ---D | C] -- C:\a66fb88389ba52290a491c51a44fed
[2009/08/14 20:17:39 | 00,000,000 | ---D | C] -- C:\3a456f708007027774f4fd
[2009/08/14 20:17:35 | 00,000,000 | ---D | C] -- C:\6a2b154f39208110677709
[2009/08/13 15:33:12 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 15:33:12 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled(2).ocx
[2009/08/13 15:32:53 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/13 15:32:53 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe(2).dll
[2009/08/12 07:33:55 | 11,297,746 | ---- | C] () -- C:\Documents and Settings\Dave Scholes\My Documents\carrrrr.BMP
[2009/08/05 10:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd(2).dll
[2007/03/20 17:05:34 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\dylkmjno.ini
[2007/03/16 17:57:23 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\uuhtitdi.ini
[2007/03/16 15:53:06 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\cmgogtua.ini
[2007/03/11 15:41:58 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\kxdyjsdn.ini
[2007/03/10 16:33:02 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\qfcejuhm.ini
[2007/03/09 15:50:25 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\oupumatc.ini
[2007/03/08 18:16:07 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\vvwwytoc.ini
[2007/03/07 17:43:14 | 00,000,296 | -HS- | C] () -- C:\WINDOWS\System32\qqkcspqj.ini
[2007/03/02 16:41:43 | 01,260,119 | -HS- | C] () -- C:\WINDOWS\System32\fadudkmy.ini
[2007/01/27 16:43:45 | 00,000,024 | ---- | C] () -- C:\WINDOWS\c_dilla.ini
[2006/11/05 20:38:42 | 00,000,288 | ---- | C] () -- C:\WINDOWS\nokiaimageconverter.INI
[2006/07/21 16:25:41 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/04/02 15:44:18 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/04 16:28:06 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2005/12/04 11:21:19 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/10/22 17:04:52 | 00,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/10/22 17:00:04 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2005/10/08 21:12:04 | 00,000,165 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/09/21 09:36:28 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/09/21 09:36:26 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2005/09/21 09:36:26 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2005/09/21 09:36:26 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2005/09/20 22:39:14 | 00,015,620 | ---- | C] () -- C:\WINDOWS\CMAUDIO.INI
[2005/09/20 22:39:14 | 00,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/09/20 22:39:14 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/09/20 22:39:14 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/09/20 22:39:14 | 00,004,335 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2005/09/20 22:39:14 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/09/20 22:39:14 | 00,001,750 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/20 22:39:14 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2005/09/20 22:39:14 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/09/20 22:39:14 | 00,000,534 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/09/20 22:39:14 | 00,000,401 | ---- | C] () -- C:\WINDOWS\dialer.ini
[2005/09/20 22:39:14 | 00,000,239 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/09/20 22:39:14 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/09/20 22:39:14 | 00,000,224 | ---- | C] () -- C:\WINDOWS\protocol.ini
[2005/09/20 22:39:14 | 00,000,167 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2005/09/20 22:39:14 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/09/20 22:39:14 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/09/20 22:39:14 | 00,000,033 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2005/09/20 22:39:14 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/09/20 22:39:14 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/09/20 22:39:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/09/20 22:39:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2005/09/20 22:12:22 | 00,002,032 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/09/20 22:12:11 | 00,000,457 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/06 23:07:06 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ATI2EVXX.DLL
[2005/04/02 19:40:49 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2005/04/02 19:40:46 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[2005/02/24 12:29:14 | 00,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/01/25 15:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/12/26 16:24:17 | 00,022,068 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/12/26 16:24:17 | 00,017,324 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/02 11:42:51 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\CMedia.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/23 02:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/19 11:38:46 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\deopeti.sys
[2009/08/19 11:30:54 | 00,000,104 | ---- | M] () -- C:\WINDOWS\Mycomputer.lnk
[2009/08/19 11:30:34 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/19 11:30:30 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/19 11:30:18 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/19 11:29:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 11:28:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/19 11:28:52 | 53,640,3968 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/19 11:05:20 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/19 10:49:22 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/19 10:48:20 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Dave Scholes\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/19 10:48:16 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Dave Scholes\Desktop\NTREGOPT.lnk
[2009/08/19 10:48:16 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Dave Scholes\Desktop\ERUNT.lnk
[2009/08/19 10:27:04 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/08/17 16:01:46 | 00,000,053 | ---- | M] () -- C:\WINDOWS\System32\robin.bat
[2009/08/17 15:51:28 | 00,526,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/17 15:51:28 | 00,446,824 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/17 15:51:28 | 00,073,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/17 15:48:54 | 00,000,478 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/08/17 15:48:08 | 00,002,032 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/17 14:04:00 | 00,103,296 | ---- | M] () -- C:\Documents and Settings\Dave Scholes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/17 13:53:18 | 00,477,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/17 12:51:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/17 12:49:46 | 00,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/17 12:21:42 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/17 12:17:34 | 00,001,508 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/17 11:54:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/17 11:00:46 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/17 11:00:40 | 00,002,989 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/17 10:19:40 | 00,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2009/08/17 09:03:40 | 00,002,241 | ---- | M] () -- C:\Documents and Settings\Dave Scholes\Desktop\Google Chrome.lnk
[2009/08/16 09:06:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/16 09:06:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/16 09:06:38 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/16 09:06:38 | 00,000,172 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/16 09:05:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/08/16 09:05:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/16 09:05:50 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/08/16 09:05:50 | 00,000,172 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/15 18:11:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/15 18:11:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/08/15 18:11:38 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/15 18:11:38 | 00,000,172 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/15 08:15:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/15 08:15:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/08/15 08:01:44 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/15 08:01:44 | 00,000,172 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/08/15 08:01:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/15 08:01:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/08/14 20:04:32 | 00,000,136 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/08/14 20:04:32 | 00,000,136 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/13 17:42:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/08/13 17:42:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/13 17:42:22 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/08/13 17:42:22 | 00,000,172 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/13 16:01:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/13 16:01:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/12 07:33:56 | 11,297,746 | ---- | M] () -- C:\Documents and Settings\Dave Scholes\My Documents\carrrrr.BMP
[2009/08/12 07:23:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/12 07:23:52 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/12 07:23:52 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/12 07:23:52 | 00,000,172 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/11 16:41:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/08/11 16:41:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/11 16:41:24 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/11 16:41:24 | 00,000,172 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/11 15:22:52 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/11 15:22:52 | 00,000,172 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/08/11 15:22:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/11 15:22:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/08 19:02:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/08 19:02:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd(2).dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 07:47:02 | 00,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1957994488-854245398-1004Core.job
[2009/07/27 23:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/27 23:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled(2).ocx

========== LOP Check ==========

[2005/09/20 22:26:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/04 17:57:52 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/17 12:20:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/17 12:49:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/01/09 19:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/02/15 19:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/08/24 22:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/03/01 16:00:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/05/02 20:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/03/10 21:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/11/17 09:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2005/10/01 11:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/07/09 17:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/05/18 16:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/01/15 21:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2006/07/21 23:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/02/15 19:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/04/02 16:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/03/04 16:31:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/10/22 17:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/02/28 20:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2005/09/20 22:26:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dave Scholes\Application Data
[2007/01/09 19:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\DataLayer
[2008/03/07 19:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Grisoft
[2005/10/22 17:03:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\InterTrust
[2006/07/09 17:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Nokia
[2006/05/01 15:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Nvu
[2005/09/20 22:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\OLYMPUS
[2006/05/01 15:02:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\OpenOffice.org2
[2006/07/09 17:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\PC Suite
[2007/04/24 20:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Screenshot Sender
[2008/05/02 19:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Sibelius Software
[2009/01/15 21:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Sony
[2008/02/15 19:55:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\TomTom
[2006/04/02 16:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\TuneUp Software
[2005/10/22 17:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Ulead Systems
[2009/08/17 14:16:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Scholes\Application Data\Uniblue
[2009/08/19 11:29:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/19 11:30:18 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/08/19 11:30:30 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/19 11:05:20 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2005/04/21 19:47:42 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/29 07:47:02 | 00,000,952 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1957994488-854245398-1004Core.job
[2009/08/17 12:51:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/08/19 10:27:04 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2009/08/17 11:54:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/19 11:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: cfgo.sys
Image Path: cfgo.sys
Address: 0xF8836000 Size: 61440 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2C8E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8D68000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB26B3000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d636b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d63574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d63a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d6314c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d6364e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d6308c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d630f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d6376e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d6372e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d638ae

==EOF==

Hope this is some help

#3
robinary

Seems to be working now.

Thanks anyway