Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malwarebytes shuts down after starting scan [Closed]

Started by stuartjohnsonpga , Sep 26 2009 10:18 AM

  • This topic is locked This topic is locked

#1
stuartjohnsonpga
Posted 26 September 2009 - 10:18 AM

stuartjohnsonpga

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I have a virus which and have been through the Malware and spyware cleaning guide but the Malwarebytes shuts down after a few seconds of the scan.

THe root Repeal report is as follows:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 16:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF675000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B4C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF8BE9000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED2B2000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF88D8000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xEF6FD000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed0add72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed08e9a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed08eb98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed0ae568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed0ae820

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed0aca80

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed0aec8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed0ae036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xed08e656

==EOF==

OTL.txt is:

OTL logfile created on: 26/09/2009 16:59:03 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Stu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.07 Mb Total Physical Memory | 190.44 Mb Available Physical Memory | 37.34% Memory free
1.22 Gb Paging File | 0.45 Gb Available in Paging File | 36.65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 34.39 Gb Free Space | 44.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIBBLES
Current User Name: Stu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2004/08/25 14:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/22 11:17:12 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2009/02/08 13:00:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/02/27 18:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\pctspk.exe
PRC - [2003/08/28 15:01:22 | 00,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2009/08/22 11:17:24 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 11:17:19 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/06/06 12:15:14 | 00,861,184 | ---- | M] (THOMSON multimedia) -- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
PRC - [2009/02/08 13:00:21 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/04/26 09:45:46 | 00,401,408 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/12/11 13:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/01 23:21:46 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/22 11:17:15 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/14 02:28:18 | 01,044,480 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2004/10/05 10:52:32 | 00,098,304 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/02/27 18:56:54 | 01,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/03/31 09:40:07 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/21 20:24:23 | 00,293,888 | ---- | M] (parabolizo) -- C:\documents and settings\stu\local settings\application data\wgpybr.exe
PRC - [2005/10/28 11:23:10 | 01,404,928 | ---- | M] (Belkin) -- C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
PRC - [2007/02/09 17:03:38 | 00,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/02/28 10:55:18 | 00,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/09/13 16:45:10 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/26 16:58:12 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stu\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/25 14:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/08/25 13:52:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/08/22 11:17:12 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/12/21 00:00:58 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/25 19:37:22 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/08 13:00:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/02/27 18:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\pctspk.exe -- (Pctspk [Auto | Running])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2003/08/28 15:01:22 | 00,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe....g/mail?.intl=uk
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://edit.europe.y...//uk.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 19:41:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/23 12:34:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 15:13:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/20 08:29:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/13 16:45:15 | 00,000,000 | ---D | M]

[2008/09/21 13:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\mozilla\Extensions
[2008/09/21 13:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/26 13:48:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\mozilla\Firefox\Profiles\zd9uhtml.default\extensions
[2009/09/14 15:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\mozilla\Firefox\Profiles\zd9uhtml.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/12 19:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\mozilla\Firefox\Profiles\zd9uhtml.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/26 13:48:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/12/19 23:43:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/13 16:45:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/04 18:35:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/02/08 13:00:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/13 16:45:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 16:45:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/08/04 14:00:00 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp60.dll
[2008/03/19 19:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/02/27 18:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/02/08 13:00:21 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/13 16:45:11 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/01 23:22:12 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/19 09:02:25 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/11/01 23:22:31 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/11/01 23:21:59 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/01/24 10:52:00 | 00,245,832 | ---- | M] (C Systems - Creative Software Solutions since 1996) -- C:\Program Files\mozilla firefox\plugins\npUMediaPlayer5.dll
[2009/03/29 10:56:21 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/29 10:56:21 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/13 09:41:56 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/03/29 10:56:21 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/29 10:56:21 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/29 10:56:21 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/29 10:56:21 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/29 10:56:21 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [wgpybr] c:\documents and settings\stu\local settings\application data\wgpybr.exe (parabolizo)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1166404261218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1166740828984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Nelson Thornes\Thinking Science\0-7487-7381-9\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Nelson Thornes\Thinking Science\0-7487-7381-9\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Nelson Thornes\Thinking Science\0-7487-7381-9\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Nelson Thornes\Thinking Science\0-7487-7381-9\hsppp.dll (EzTools Software)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/17 12:25:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/26 16:57:58 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stu\Desktop\OTL.exe
[2009/09/26 16:56:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\settings.dat
[2009/09/26 16:47:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Stu\Desktop\RootRepeal.exe
[2009/09/26 16:44:36 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/26 16:44:12 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/26 16:44:12 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/26 16:44:12 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/26 16:43:56 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/26 16:43:52 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/26 16:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/26 16:43:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/26 16:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stu\Application Data\PC Tools
[2009/09/26 16:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/26 16:41:24 | 26,733,120 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Stu\Desktop\sdsetup.exe
[2009/09/26 16:29:12 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/26 16:28:38 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/26 16:10:47 | 00,000,000 | ---D | C] -- C:\Kontiki
[2009/09/26 13:55:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/26 13:41:48 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stu\Desktop\stuff.exe
[2009/09/26 13:41:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/26 13:40:43 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\NTREGOPT.lnk
[2009/09/26 13:40:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\ERUNT.lnk
[2009/09/26 13:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/26 13:40:00 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Stu\Desktop\erunt_setup.exe
[2009/09/26 13:39:11 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Stu\Desktop\SysRestorePoint.exe
[2009/09/26 13:31:54 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stu\Desktop\TFC.exe
[2009/09/26 13:18:51 | 07,174,176 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\SUPERAntiSpyware.exe
[2009/09/26 13:17:51 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stu\Desktop\mbam-setup.exe
[2009/09/24 20:31:51 | 00,148,480 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/09/24 20:31:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/09/23 22:12:32 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Stu\My Documents\phys dept to do.xls
[2009/09/21 20:24:24 | 00,517,638 | ---- | C] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr_nav.dat
[2009/09/21 20:24:24 | 00,003,195 | ---- | C] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr.dat
[2009/09/21 20:24:24 | 00,002,581 | ---- | C] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr_navps.dat
[2009/09/21 20:24:23 | 00,293,888 | ---- | C] (parabolizo) -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr.exe
[2009/09/19 19:27:00 | 00,180,736 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\rory page 158a.xls
[2009/09/19 18:52:28 | 00,003,785 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\424px-OCR-A_char_Plus_Sign.svg.png
[2009/09/19 18:50:26 | 00,030,377 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\gemmill300x400.jpg
[2009/09/19 18:35:21 | 00,014,495 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\spoon-1.jpg
[2009/09/19 18:35:01 | 00,023,670 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\Synergy_saucepan_with_lid_-2.jpg
[2009/09/19 18:34:38 | 00,012,981 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\potatoes112.jpg
[2009/09/19 18:33:56 | 00,077,106 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\Heinz Soup - Cream of Tomato.jpg
[2009/09/17 18:30:51 | 00,139,492 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\prezzo.pdf
[2009/09/14 15:49:53 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/09/14 15:49:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/14 10:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/14 10:38:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stu\Application Data\PC Suite
[2009/09/14 10:36:37 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/09/14 10:36:34 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/09/14 09:17:18 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/09/13 17:31:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stu\Application Data\Nokia
[2009/09/13 17:30:58 | 00,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2009/09/13 17:29:28 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/09/13 17:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stu\Local Settings\Application Data\Nokia
[2009/09/13 17:27:58 | 00,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Music.lnk
[2009/09/13 17:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/09/13 17:23:32 | 00,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Photos.lnk
[2009/09/13 17:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2009/09/13 17:16:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/13 17:14:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Globalization
[2009/09/13 17:14:21 | 00,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2009/09/13 17:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2009/09/13 17:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/09/13 17:12:05 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2009/09/13 17:11:28 | 00,007,808 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2009/09/13 17:11:26 | 00,007,808 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2009/09/13 17:11:24 | 00,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2009/09/13 17:11:22 | 00,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2009/09/13 17:11:21 | 00,659,968 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2009/09/13 17:11:10 | 00,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2009/09/13 17:11:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2009/09/13 17:03:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/13 17:03:05 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/13 17:02:53 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/09/13 17:00:59 | 00,000,000 | ---D | C] -- C:\932369fe5adaee8f6833e26a
[2009/09/13 16:59:07 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/09/13 16:56:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/09/13 16:54:35 | 00,031,056 | ---- | C] () -- C:\Documents and Settings\Stu\Desktop\Crumbs.wav
[2009/09/13 16:49:38 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

========== Files - Modified Within 14 Days ==========

[2009/09/26 17:08:26 | 00,003,007 | ---- | M] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr_navps.dat
[2009/09/26 17:07:51 | 00,003,178 | ---- | M] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr.dat
[2009/09/26 16:58:12 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stu\Desktop\OTL.exe
[2009/09/26 16:56:27 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\settings.dat
[2009/09/26 16:47:25 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Stu\Desktop\RootRepeal.exe
[2009/09/26 16:45:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/26 16:43:56 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/26 16:42:32 | 26,733,120 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Stu\Desktop\sdsetup.exe
[2009/09/26 16:30:23 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/26 16:30:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/26 16:30:10 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/09/26 16:29:12 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/26 16:12:49 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/26 16:12:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/26 16:12:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/09/26 16:12:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/26 13:42:24 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stu\Desktop\stuff.exe
[2009/09/26 13:40:43 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\NTREGOPT.lnk
[2009/09/26 13:40:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\ERUNT.lnk
[2009/09/26 13:40:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Stu\Desktop\erunt_setup.exe
[2009/09/26 13:39:12 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Stu\Desktop\SysRestorePoint.exe
[2009/09/26 13:31:54 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stu\Desktop\TFC.exe
[2009/09/26 13:19:56 | 07,174,176 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\SUPERAntiSpyware.exe
[2009/09/26 13:18:36 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stu\Desktop\mbam-setup.exe
[2009/09/26 13:14:29 | 41,786,983 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/26 13:14:29 | 00,113,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/24 20:31:31 | 00,148,480 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/09/23 22:12:32 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Stu\My Documents\phys dept to do.xls
[2009/09/23 20:24:47 | 00,517,638 | ---- | M] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr_nav.dat
[2009/09/21 20:24:23 | 00,293,888 | ---- | M] (parabolizo) -- C:\Documents and Settings\Stu\Local Settings\Application Data\wgpybr.exe
[2009/09/19 19:27:00 | 00,180,736 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\rory page 158a.xls
[2009/09/19 18:52:28 | 00,003,785 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\424px-OCR-A_char_Plus_Sign.svg.png
[2009/09/19 18:50:32 | 00,030,377 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\gemmill300x400.jpg
[2009/09/19 18:35:21 | 00,014,495 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\spoon-1.jpg
[2009/09/19 18:35:02 | 00,023,670 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\Synergy_saucepan_with_lid_-2.jpg
[2009/09/19 18:34:39 | 00,012,981 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\potatoes112.jpg
[2009/09/19 18:33:58 | 00,077,106 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\Heinz Soup - Cream of Tomato.jpg
[2009/09/17 18:30:52 | 00,139,492 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\prezzo.pdf
[2009/09/14 15:49:53 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/14 15:20:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/14 15:17:03 | 00,500,366 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/14 15:17:03 | 00,440,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/14 15:17:03 | 00,070,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/14 10:39:59 | 00,022,616 | ---- | M] () -- C:\Documents and Settings\Stu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/14 10:36:37 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/09/14 10:36:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/09/14 09:10:36 | 01,419,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/13 17:30:58 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2009/09/13 17:27:58 | 00,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Music.lnk
[2009/09/13 17:23:32 | 00,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Photos.lnk
[2009/09/13 17:14:21 | 00,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2009/09/13 16:54:56 | 00,031,056 | ---- | M] () -- C:\Documents and Settings\Stu\Desktop\Crumbs.wav

========== LOP Check ==========

[2009/09/26 16:43:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/18 23:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/02/12 18:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/12/21 00:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/09/26 17:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/09/13 17:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/04/05 16:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/03/21 11:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/09/14 10:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/06/03 12:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/09/26 17:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/26 19:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/09/26 16:43:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Stu\Application Data
[2006/12/26 12:16:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\Ascaron Entertainment
[2009/05/26 21:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\AVGTOOLBAR
[2009/09/19 18:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\gtk-2.0
[2008/08/15 21:49:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\LimeWire
[2009/09/13 17:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\Nokia
[2009/09/14 10:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\PC Suite
[2009/05/23 08:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\PCenter
[2009/08/29 11:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\Spotify
[2007/06/29 19:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\Teleca
[2009/02/11 17:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\The Hobbit
[2009/08/31 18:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\U3
[2008/03/02 16:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\ubi.com
[2009/08/09 11:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\Unity
[2007/04/16 19:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\Unreal Streaming
[2008/12/22 18:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stu\Application Data\ZoomBrowser EX
[2009/08/20 08:03:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/26 16:12:49 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/09/26 16:12:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/26 16:30:10 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL extras report is:

OTL Extras logfile created on: 26/09/2009 16:59:03 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Stu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.07 Mb Total Physical Memory | 190.44 Mb Available Physical Memory | 37.34% Memory free
1.22 Gb Paging File | 0.45 Gb Available in Paging File | 36.65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 34.39 Gb Free Space | 44.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIBBLES
Current User Name: Stu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %* File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"D:\Setup\SetupST.exe" = D:\Setup\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{115DC143-58A1-4314-853D-FCA35D57EE8A}" = Sony Ericsson PC Suite
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29031977-EF5E-446E-B3E1-E66B6FA3895D}" = SCRABBLE® 2005 EDITION
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}" = Zoom ADSL Modem
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55F2843E-43EE-4D78-9A87-4910DBDA86C2}" = Catalyst Interactive Presentations 3
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{AB0CA3F2-6F31-440D-B64D-BAF8E2E3227D}" = Assessment for Learning KS 3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"0-7487-7381-9" = Thinking Science - Professional Edition
"360Share Pro" = 360Share Pro(remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CANONBJ_Deinstall_CNMCP50.DLL" = Canon i250
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSCLIB" = Canon Camera Support Core Library
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ExamWizard EA_PHYSD" = ExamWizard Edexcel GCE Physics Demo
"freshplay" = freshplay
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"InstallShield_{55F2843E-43EE-4D78-9A87-4910DBDA86C2}" = Catalyst Interactive Presentations 3
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"Interactive Physics - Magnetism KS4" = Interactive Physics - Magnetism KS4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NI LabVIEW Run-Time Engine 5.1" = NI LabVIEW Run-Time Engine 5.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Port Royale 2" = Port Royale 2
"PrimoPDF3.1" = PrimoPDF
"PROSet" = Intel® PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scientific Enquiry_is1" = Scientific Enquiry
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 6.1
"SysInfo" = Creative System Information
"TescoDownloader" = Tesco Download Manager
"UnityWebPlayer" = Unity Web Player
"Virtual Physical Laboratory" = Virtual Physical Laboratory
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"wgpybr" = Favorit
"WilliamHillPoundXPBP15" = WH GBP Casino
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WSC2005_1.0" = World Snooker Championship 2005
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2009 05:13:12 | Computer Name = TIBBLES | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.13, faulting module
belkinwcui.exe, version 1.0.0.13, fault address 0x000181b9.

Error - 19/09/2009 14:27:30 | Computer Name = TIBBLES | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/09/2009 16:26:37 | Computer Name = TIBBLES | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2009 08:14:37 | Computer Name = TIBBLES | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 26/09/2009 08:22:44 | Computer Name = TIBBLES | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 26/09/2009 08:22:45 | Computer Name = TIBBLES | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 26/09/2009 08:50:24 | Computer Name = TIBBLES | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 26/09/2009 11:29:11 | Computer Name = TIBBLES | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 26/09/2009 11:52:30 | Computer Name = TIBBLES | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 26/09/2009 11:52:30 | Computer Name = TIBBLES | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
unexpectedly. It has done this 1 time(s).

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The KService service terminated unexpectedly. It has done this 1
time(s).

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The PCTEL Speaker Phone service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The spkrmon service terminated unexpectedly. It has done this 1 time(s).

Error - 26/09/2009 08:32:27 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/09/2009 08:32:30 | Computer Name = TIBBLES | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >


Help please
Cheers
Stuart
  • 0

Advertisements

#2
Transience
Posted 26 September 2009 - 10:31 AM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.
  • Click on the Download EXE button.
  • The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
  • Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
  • Click Ok.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix to cf.com. This name is important and must be exactly as I have given it to you here, including the .com file extension. After changing the name, click on the drop down menu for the box labeled Save as type: and change it to All files. Once you made these changes, save the file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here for instructions. Installing the recovery console if you're running an XP machine is another critical step. Although these prelimiary steps may seem unnecessary, by following the directions in that guide closely you give ComboFix the best possible chance at a successful run and minimize the likelihood of having serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or if for some reason you lose it it can found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave
  • 0

#3
Transience
Posted 28 September 2009 - 08:53 AM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Just checking in since it's been a couple days - still need any help on this one?
  • 0

#4
Transience
Posted 04 October 2009 - 11:11 AM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP