Recycle bin corrupt?


colinhills1
Hi

My problem is with the recycle bin. At first I thought it was a corrupt file but now the problem is constant. I have 2 H/D's 'c' and 'd'. The problem occurs with both 'c' & 'd' drives. If I send any type of video file to Recycle Bin then try to empty the bin, the item disappears from the screen but is only hidden. The item still remains in the bin and can only be seen by uncovering 'hidden files & folders' and opening 'hide protected operating files'. My only method of deleting completely is to use 'unlocker' on the hidden files and then the item is removed after reboot. All other types of files are cleared from (both) recycle bins without any problems.

After reading of a similar situation on your site, I think this must be virus or malware related.

I have completed the required 'clean' up and virus scans as suggested. The reports requested are as follows.

Thank you for your assistance.
-------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3135
Windows 5.1.2600 Service Pack 3

09/11/2009 21:35:16
mbam-log-2009-11-09 (21-35-16).txt

Scan type: Quick Scan
Objects scanned: 121417
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\UninstVeetleTVPlayer.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/10 09:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================


-------------------------------------------------------------------------------
OTL logfile created on: 10/11/2009 09:24:36 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = D:\Torrents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.42% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 47.59 Gb Free Space | 63.86% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 85.91 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAMUELA
Current User Name: Colin & Kerry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/10 09:23:37 | 00,528,896 | ---- | M] (OldTimer Tools) -- D:\Torrents\OTL.exe
PRC - [2009/10/27 17:03:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/27 17:03:25 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/27 06:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/22 14:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 10:42:43 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/05/17 14:34:30 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 23:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/01/27 06:38:16 | 00,316,728 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2007/10/17 20:23:56 | 00,979,968 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2007/10/15 15:19:38 | 01,382,672 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe
PRC - [2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/22 09:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
PRC - [2007/08/08 15:53:16 | 00,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
PRC - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2006/12/18 14:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 06:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2005/09/18 18:40:42 | 01,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2002/12/10 16:54:04 | 00,127,022 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe


========== Modules (SafeList) ==========

MOD - [2009/11/10 09:23:37 | 00,528,896 | ---- | M] (OldTimer Tools) -- D:\Torrents\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 05:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/01/27 06:38:25 | 00,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WLSetupSvc)
SRV - [2009/10/30 09:18:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca5939a4b0b032)
SRV - [2009/10/27 17:03:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/04/25 16:38:57 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/29 10:42:43 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/17 14:34:30 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/02/21 23:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/25 13:33:45 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2007/12/20 10:41:56 | 00,029,440 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/10/15 15:19:38 | 01,382,672 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/22 09:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/06/15 11:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2006/12/14 16:00:00 | 00,544,768 | ---- | M] (Magix AG) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 8
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..network.proxy.backup.ftp: "62.232.57.50 "
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "62.232.57.50 "
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "62.232.57.50 "
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "62.232.57.50 "
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "80.193.162.52"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "80.193.162.52"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "80.193.162.52"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "80.193.162.52"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 21:00:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/27 17:03:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 09:14:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 09:14:56 | 00,000,000 | ---D | M]

[2009/08/27 11:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Mozilla\Extensions
[2009/08/27 11:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 09:41:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Mozilla\Firefox\Profiles\3ac4ys6q.default\extensions
[2009/08/27 11:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Mozilla\Firefox\Profiles\3ac4ys6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/21 10:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Mozilla\Firefox\Profiles\3ac4ys6q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/21 11:07:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Mozilla\Firefox\Profiles\3ac4ys6q.default\extensions\firefox@tvunetworks.com
[2009/11/09 09:41:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 09:14:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/27 17:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/16 21:13:04 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/16 21:13:04 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/10/27 17:03:26 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/10/16 21:13:04 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/03 06:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/03 10:07:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/03 10:07:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/03 10:07:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/03 10:07:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/03 10:07:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/03 10:53:00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/10/16 19:18:41 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/10/16 19:18:41 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 19:18:41 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/10/16 19:18:41 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 19:18:41 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/10/16 19:18:41 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 19:18:41 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 19:18:41 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (342 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adblock Pro) - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O9 - Extra 'Tools' menuitem : Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1201191289296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} http://support.f-sec.../fshc/fscax.cab (F-Secure Health Check 1.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents) - File not found
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/24 13:03:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/24 13:49:21 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/10 09:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colin & Kerry\My Documents\rootrepeal
[2009/11/09 22:42:51 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/11/09 22:42:51 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/11/09 22:42:51 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/11/09 22:42:51 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/11/09 22:42:51 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/11/09 22:42:51 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/11/09 22:42:51 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/11/09 22:42:51 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/11/09 21:27:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/09 21:26:41 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Colin & Kerry\Desktop\SysRestorePoint.exe
[2009/11/09 21:18:00 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colin & Kerry\Desktop\TFC.exe
[2009/11/09 13:26:45 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/11/08 11:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Converter
[2009/10/30 09:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/10/30 09:38:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colin & Kerry\My Documents\Downloads
[2009/10/30 09:18:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/30 09:18:40 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/10/27 17:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/27 10:47:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Colin & Kerry\Recent

========== Files - Modified Within 14 Days ==========

[2009/11/10 07:57:39 | 00,191,765 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/10 07:57:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/10 07:57:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 07:56:58 | 01,141,638 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2009/11/09 23:04:19 | 13,893,632 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\NTUSER.DAT
[2009/11/09 23:01:03 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 22:54:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Colin & Kerry\ntuser.ini
[2009/11/09 22:53:58 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/09 22:53:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/09 22:53:58 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/09 22:51:15 | 00,003,854 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/09 22:51:12 | 00,000,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/11/09 22:37:26 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\My Documents\Hello.doc
[2009/11/09 21:27:55 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\NTREGOPT.lnk
[2009/11/09 21:27:55 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\ERUNT.lnk
[2009/11/09 21:26:41 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Colin & Kerry\Desktop\SysRestorePoint.exe
[2009/11/09 21:18:01 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin & Kerry\Desktop\TFC.exe
[2009/11/09 18:59:25 | 00,350,086 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts.bak
[2009/11/09 18:39:16 | 00,000,403 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\recycle bin.bat
[2009/11/09 17:55:58 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Formula 1.url
[2009/11/09 17:54:27 | 00,000,299 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\BBC SPORT Formula 1.url
[2009/11/09 17:44:29 | 00,021,481 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Demonoid.com.url
[2009/11/09 17:44:16 | 00,000,216 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\TheBox.url
[2009/11/09 17:43:47 | 00,022,937 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\UKB.url
[2009/11/09 15:35:53 | 00,000,347 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Euro rate.url
[2009/11/09 15:07:56 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/09 15:07:56 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/09 11:08:41 | 00,000,354 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Torrents.lnk
[2009/11/09 07:58:14 | 00,000,289 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Optimist.url
[2009/11/09 07:52:23 | 00,013,752 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 16:48:29 | 84,927,4272 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\My Documents\videocd.bin
[2009/11/08 16:48:29 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\My Documents\videocd.cue
[2009/11/08 16:47:21 | 00,002,317 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\My Documents\videocd.xml
[2009/11/08 11:46:33 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/08 07:38:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/07 22:00:01 | 00,000,178 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\G T I.url
[2009/11/07 14:01:27 | 00,000,488 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\MyP2P.eu Football schedules, watch live Football on your pc..url
[2009/11/04 11:34:34 | 00,000,348 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Pessimist.url
[2009/11/03 09:18:35 | 00,009,871 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Translation.url
[2009/11/01 07:54:20 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/30 09:56:56 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\µTorrent.lnk
[2009/10/30 09:14:59 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/29 08:34:01 | 00,000,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091109-185925.backup
[2009/10/28 19:30:59 | 00,000,224 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\McLaren Mercedes.url
[2009/10/28 13:09:19 | 00,348,286 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091028-132119.backup
[2009/10/27 21:59:52 | 00,000,144 | ---- | M] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Live Sports TV.url

========== Files Created - No Company Name ==========

[2009/11/09 22:42:51 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/11/09 22:37:26 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\My Documents\Hello.doc
[2009/11/09 21:27:55 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Desktop\NTREGOPT.lnk
[2009/11/09 21:27:55 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Desktop\ERUNT.lnk
[2009/11/09 18:39:16 | 00,000,403 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Desktop\recycle bin.bat
[2009/11/09 11:08:41 | 00,000,354 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Desktop\Torrents.lnk
[2009/11/08 16:47:21 | 84,927,4272 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\My Documents\videocd.bin
[2009/11/08 16:47:21 | 00,002,317 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\My Documents\videocd.xml
[2009/11/08 16:47:21 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\My Documents\videocd.cue
[2009/11/02 21:09:37 | 00,000,488 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Desktop\MyP2P.eu Football schedules, watch live Football on your pc..url
[2009/10/30 09:56:56 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Desktop\µTorrent.lnk
[2009/10/11 09:47:16 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/10 12:14:19 | 00,000,577 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Application Data\AutoGK.ini
[2009/10/03 13:52:42 | 00,000,053 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2009/10/03 12:19:01 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdburner.sys
[2009/09/20 14:29:24 | 00,000,323 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009/09/20 14:29:24 | 00,000,054 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2009/09/20 14:29:24 | 00,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2009/07/03 19:13:06 | 00,004,170 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Application Data\ReplayMusicLog.log
[2009/05/19 19:57:41 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Local Settings\Application Data\fusioncache.dat
[2009/01/30 17:26:36 | 00,000,093 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Application Data\DelinvFile.ini
[2009/01/14 10:36:51 | 00,000,077 | ---- | C] () -- C:\WINDOWS\ZC DVD Creator Platinum.INI
[2008/12/19 18:10:36 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2008/10/16 16:17:16 | 00,000,116 | ---- | C] () -- C:\WINDOWS\homeDVD-Photostory4.INI
[2008/09/19 22:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/05 14:53:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2008/06/05 14:26:34 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/05/17 14:40:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2008/05/17 08:56:50 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2008/05/17 08:56:49 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2008/05/17 08:54:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008/04/06 19:17:28 | 00,019,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/04 17:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/16 12:29:06 | 00,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/02/16 12:29:05 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/01/26 21:36:32 | 00,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/01/25 16:26:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/01/24 22:05:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/24 21:26:37 | 00,194,560 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 21:23:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008/01/24 20:13:57 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/24 20:00:48 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/24 17:49:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/24 16:13:49 | 00,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/01/24 16:13:18 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/01/24 16:11:51 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2008/01/24 15:56:27 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/24 15:53:47 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
[2008/01/24 15:13:04 | 00,001,808 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/01/24 13:52:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/01/24 13:52:01 | 00,061,544 | ---- | C] () -- C:\Documents and Settings\Colin & Kerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/01/24 13:24:01 | 00,019,382 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/24 13:23:38 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/24 13:23:26 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/01/24 13:20:07 | 03,198,858 | -H-- | C] () -- C:\Documents and Settings\Colin & Kerry\Local Settings\Application Data\IconCache.db
[2008/01/24 13:13:55 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Colin & Kerry\Application Data\desktop.ini
[2007/10/31 08:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/17 12:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/12 16:44:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 16:44:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 16:44:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 16:44:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 16:44:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/25 23:42:22 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/10/14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/02/05 20:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/04/19 15:01:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2004/04/14 16:16:14 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\WS_Audio.dll
[2004/02/27 09:17:42 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\WS_CDBurn.dll
[2004/02/23 10:31:14 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\WS_VCDAuthor.dll
[2001/08/18 13:00:00 | 00,000,678 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/18 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/02/12 09:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/04/28 15:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/09/03 17:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/03/24 20:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/01/24 14:59:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2008/07/25 12:55:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software
[2008/01/26 21:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/03/25 11:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2008/04/06 15:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2009/03/31 14:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
[2008/12/03 10:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/10/28 11:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/24 17:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2008/01/25 13:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/24 16:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/10/21 19:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2008/04/23 10:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/08/06 17:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2008/10/07 07:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/03 10:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/04/03 17:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Adblock Pro
[2008/04/28 15:50:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Ashampoo
[2008/09/23 19:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\AVSMedia
[2008/08/05 17:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Azureus
[2009/09/18 20:33:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/10/27 16:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Desktopicon
[2008/10/01 15:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\EPSON
[2008/12/07 10:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\FairStars Audio Converter
[2009/10/10 16:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\GHISLER
[2009/08/06 18:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Hide IP NG
[2009/02/26 22:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\ImTOO Software Studio
[2008/02/05 09:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\LEAPS
[2008/04/14 16:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\LimeWire
[2009/08/05 15:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\MagicEffect Photo
[2008/01/26 21:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\MAGIX
[2009/11/05 12:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\MahJong Suite
[2008/09/16 08:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Panasonic
[2009/01/05 20:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Pegasys Inc
[2009/09/20 11:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\PPMate
[2008/09/05 12:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Schmap
[2008/04/06 07:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\SiteHound
[2008/03/30 13:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\SlySoft
[2009/10/27 12:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Spotify
[2008/01/24 20:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\SuperAdBlocker.com
[2008/01/25 13:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\TuneUp Software
[2008/10/21 19:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Uniblue
[2008/10/26 11:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\URSoft
[2009/11/09 11:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\uTorrent
[2009/02/28 11:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\VCDEasy
[2008/09/10 19:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\Windows Search
[2008/03/28 11:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\WinPatrol
[2009/08/06 17:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Colin & Kerry\Application Data\WNR
[2001/08/18 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/10 07:57:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\System32\DRIVERS\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
----------------------------------------------------------------------
OTL Extras logfile created on: 10/11/2009 09:24:36 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = D:\Torrents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.42% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 47.59 Gb Free Space | 63.86% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 85.91 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAMUELA
Current User Name: Colin & Kerry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}" = Readon TV Movie Radio Player 5.5.5.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{485C28E6-7E8C-40E4-BCFE-6E85B1F46D7A}" = TMPGEnc 4.0 XPress
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7326545B-05C8-4308-9697-EAA3F9552018}" = Sudoku Works
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E64A0FD-EB4A-4468-8EB5-587D3CFFFB90}" = SymNet
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40EA8AE-322B-46DE-B422-480A40F43AEE}" = Brain Trainer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F441C985-4F07-4163-978E-BFD3B2BA20EC}" = Brain Trainer 2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"AC3Filter" = AC3Filter (remove only)
"Adblock Pro" = Adblock Pro 2.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"AVI MPEG ASF WMV Splitter_is1" = AVI/MPEG/ASF/WMV Splitter 3.22
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"CdaC13Ba" = Cda Product Service - shared component
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DUMeter3_is1" = DU Meter
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"ERUNT_is1" = ERUNT 1.1j
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.2.0812
"FormatFactory" = FormatFactory 2.10
"Foxit Reader" = Foxit Reader
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE7" = Windows Internet Explorer 7
"IsoBuster_is1" = IsoBuster 1.6
"MahJong Suite Graphics Pack Volume 1_is1" = MahJong Suite Graphics Pack Volume 1 - v1.7
"MahJong Suite Graphics Pack Volume 2_is1" = MahJong Suite Graphics Pack Volume 2 - v2.7
"MahJong Suite_is1" = MahJong Suite 2007 v4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"P2PFilter" = P2PFilter 3.0.5
"PeerGuardian_is1" = PeerGuardian 2.0
"Photo2DVD Studio 3_is1" = Photo2DVD Studio 3 Build 3.1.0.20
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Pure Sudoku Deluxe_is1" = Pure Sudoku Deluxe 1.03
"QuicktimeAlt_is1" = QuickTime Alternative 1.40
"RealAlt_is1" = Real Alternative 1.27
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Replay Music3.45" = Replay Music
"RER HD Movie Converter_is1" = RER HD Movie Converter
"SopCast" = SopCast 3.2.4
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.0
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"The Rosetta Stone" = The Rosetta Stone
"TVUPlayer" = TVUPlayer 2.4.7.2
"Unlocker" = Unlocker 1.8.8
"uTorrent" = µTorrent
"VCDEasy_is1" = VCDEasy
"VLC media player" = VLC media player 1.0.0
"WIC" = Windows Imaging Component
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2007
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"ZC DVD Creator Platinum_is1" = ZC DVD Creator Platinum 6.2.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2009 07:35:05 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.

Error - 10/10/2009 07:37:20 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.

Error - 10/10/2009 07:37:24 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 10/10/2009 08:56:38 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.

Error - 10/10/2009 08:58:04 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.

Error - 11/10/2009 16:14:30 | Computer Name = LAMUELA | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 14/10/2009 08:04:54 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001a699.

Error - 14/10/2009 08:55:12 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 2.0.0.39, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108f3.

Error - 23/10/2009 07:17:54 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.4, faulting module pg2.exe,
version 1.0.6.4, fault address 0x0006a455.

Error - 25/10/2009 09:38:44 | Computer Name = LAMUELA | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

[ System Events ]
Error - 09/11/2009 17:49:39 | Computer Name = LAMUELA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7001
Description = The DU Meter Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 09/11/2009 17:50:04 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL SASDIFSV SASKUTIL
SPBBCDrv
SRTSP
SRTSPX
SYMTDI
Tcpip
WS2IFSL

Error - 09/11/2009 17:54:00 | Computer Name = LAMUELA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 09/11/2009 17:56:12 | Computer Name = LAMUELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL


< End of report >

Edited by colinhills1, 10 November 2009 - 05:06 AM.

  • 0


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,589 posts
Hi, colinhills1 :)

Welcome.

At first sight, there is no sign of malware in the log. Let's remove the Recycler folder. Windows will recreate it upon re-start.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as REMFoldr.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the REMFoldr.bat. The computer will restart. That is normal.

@ECHO OFF
Echo Working ........
cd /d %~dp0
If Exist %systemdrive%\Recycler (
attrib -r -s -h %systemdrive%\Recycler /S /D
del /q %systemdrive%\Recycler
Rd /S /Q %systemdrive%\Recycler
)
If Exist %systemdrive%\Recycled (
attrib -r -s -h %systemdrive%\Recycled /S /D
del /q %systemdrive%\Recycled
Rd /S /Q %systemdrive%\Recycled
)
shutdown /r /t 0 /f


Upon re-start, test and let me know the outcome.
  • 0

#3
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,589 posts
Refresh the page. I just edited my post.
  • 0

#4
colinhills1

colinhills1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
see edited post after this....this posted by mistake.

Edited by colinhills1, 21 November 2009 - 06:24 AM.

  • 0

#5
colinhills1

colinhills1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Carried out that procedure. NO change. Deleted video file, still (hidden) in recycle bin.

:)

Edited by colinhills1, 21 November 2009 - 07:04 AM.

  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,589 posts
I am sorry, colinhills1, but I did not receive a notification on your reply. I have checked these logs and see no sign of malware. Let's check for hidden software.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..

  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop and post its contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :folderfind
    RECY*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#7
colinhills1

colinhills1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi. No probs in the delay :)

I have carried out the reports and have attached below.

Thanks again

-----------------------------------------------------



GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-29 10:53:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COLIN&~1\LOCALS~1\Temp\uwrdapob.sys


---- System - GMER 1.0.15 ----

SSDT 8A68FA28 ZwAlertResumeThread
SSDT 8A2F2A58 ZwAlertThread
SSDT 8A175A78 ZwAllocateVirtualMemory
SSDT 8A5EC3F0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6C5C020]
SSDT 8967C888 ZwCreateMutant
SSDT 8A175B50 ZwCreateThread
SSDT 8967C5F8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6C5C2A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6C5C800]
SSDT 8A175958 ZwFreeVirtualMemory
SSDT 8A5F8668 ZwImpersonateAnonymousToken
SSDT 8A2F5A48 ZwImpersonateThread
SSDT 8A175878 ZwMapViewOfSection
SSDT 8A17B1F0 ZwOpenEvent
SSDT 8A6C30C0 ZwOpenProcessToken
SSDT 8967C6B8 ZwOpenSection
SSDT 8967CE28 ZwOpenThreadToken
SSDT 8A6D7B50 ZwResumeThread
SSDT 8A7200C0 ZwSetContextThread
SSDT 8967CEF8 ZwSetInformationProcess
SSDT 8967CCD0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6C5CA50]
SSDT 8A1D39A0 ZwSuspendProcess
SSDT 8A2EFEC8 ZwSuspendThread
SSDT 8A6BEE48 ZwTerminateProcess
SSDT 8A1791F0 ZwTerminateThread
SSDT 8A6FB008 ZwUnmapViewOfSection
SSDT 8A1759E8 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:54 on 29/11/2009 by Colin & Kerry (Administrator - Elevation successful)

========== folderfind ==========

Searching for "RECY*"
C:\RECYCLER d--hs- [14:36 21/11/2009]

-=End Of File=-


---------------------------------------------------------------------------------------------
  • 0
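The SSDT and device entries of the GMER log above, grouped by owning module, as an added example that is not part of the original post or of GMER. The function name `triage` and the line shapes the regexes expect are assumptions taken from this log only; entries that show just an address carry no owner, so they are listed separately rather than attributed.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the shape of the GMER log posted above.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT 8A68FA28 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6C5C020]
SSDT 8967C888 ZwCreateMutant
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6C5CA50]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
"""

# Hook attributed to a driver file: path (description/vendor) service [address]
NAMED = re.compile(
    r"^SSDT\s+(?P<path>\S.*?)\s+\((?P<desc>[^)]*)\)\s+"
    r"(?P<svc>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# Hook shown only as a target address: address service
BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<svc>Zw\w+)$")
# Filter device attached to a driver's device object
DEVICE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<module>\S+)\s+\((?P<desc>[^)]*)\)$")


def triage(log_text):
    """Group SSDT and AttachedDevice entries by the module the log names."""
    named = defaultdict(list)
    result = {"unattributed": [], "devices": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("SSDT"):
            m = NAMED.match(line)
            if m:
                module = m["path"].rsplit("\\", 1)[-1].upper()
                named[module].append(m["svc"])
            elif (m := BARE.match(line)):
                result["unattributed"].append((m["addr"].upper(), m["svc"]))
            else:
                result["unparsed"].append(line)  # keep for manual review
        elif line.startswith("AttachedDevice"):
            m = DEVICE.match(line)
            if m:
                result["devices"].append(
                    (m["driver"], m["device"], m["module"].upper()))
            else:
                result["unparsed"].append(line)
    result["named"] = dict(named)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for module, services in report["named"].items():
        print(f"{module}: {len(services)} hooked services: {', '.join(services)}")
    print(f"address-only hooks (owner not in log): {len(report['unattributed'])}")
    print(f"attached devices: {len(report['devices'])}")
    print(f"lines needing manual review: {len(report['unparsed'])}")
```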

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,589 posts
Hi, colinhills1 :)

Does Norton have a feature to control the Recycle Bin? If so, can you access that feature through Norton and remove those files?

I really don't see a problem that may contribute to this issue, unless Norton is blocking your actions.

Using the batch file above, would that empty the Recycle Bin?
  • 0

#9
colinhills1

colinhills1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have looked through Norton, nothing there blocking recycle bin.
At one point I suspected a 'media' player as being responsible by 'hanging on' to the data as though it was still in use. I am able to empty the bin completely but only by using 'unlocker' first.
This problem only occurs with all types of (video) media files; all other types of files, including music files, delete with no problem.

Hope this helps.
  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,589 posts
I am moving the topic to the XP forum. One of our techs handled a similar issue with Norton. Stand by.
  • 0

#11
happyrock

happyrock

    Tech Moderator

  • Retired Staff
  • 9,285 posts
if you have norton installed OR ever had it installed and uninstalled it...it protects the recycle bin and will not let you remove certain things...I had to use a live cd to get rid of it but it's not a procedure I would recommend to anyone but an advanced user..
try this first...boot into safe mode with command prompt...then type in ...
del \\?\c:\recycler\nprotect\*.*
press enter
this assumes the C: drive is where the OS is installed
no joy...
there are 2 possible workarounds...
first try ccleaner...install and run it...
no joy
try this...select the file then press the SHIFT+DELETE keys at the same time...that will delete the selected item permanently without placing the item in the Recycle Bin
  • 0

#12
mikeycpa

mikeycpa

    New Member

  • Member
  • Pip
  • 3 posts
Thanks very much. After much searching, I found your fix and it worked.

Hi, colinhills1 :)

Welcome.

At first sight, there is no sign of malware in the log. Let's remove the Recycler folder. Windows will recreate it upon re-start.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as REMFoldr.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the REMFoldr.bat. The computer will restart. That is normal.

@ECHO OFF
Echo Working ........
cd /d %~dp0
If Exist %systemdrive%\Recycler (
attrib -r -s -h %systemdrive%\Recycler /S /D
del /q %systemdrive%\Recycler
Rd /S /Q %systemdrive%\Recycler
)
If Exist %systemdrive%\Recycled (
attrib -r -s -h %systemdrive%\Recycled /S /D
del /q %systemdrive%\Recycled
Rd /S /Q %systemdrive%\Recycled
)
shutdown /r /t 0 /f


Upon re-start, test and let me know the outcome.


Edited by mikeycpa, 13 January 2010 - 03:45 PM.

  • 0
