Last week I started having trouble with my laptop when I realised that Trend hadn't updated for some days. I tried to do an automatic update but got an error message (I can't remember the exact wording). I went online and downloaded the manual updater and the latest version of Trend. I was able to update manually but even with the upgraded version still not automatically. I ran Malware and Trojan Remover and found that I had a trojan which was changing my IP addresses (I believe). I was getting the redirect from Google too. I did some online research and considered that it was possible my router had been hijacked. I logged in and changed the password. I also ran MWAB and Trojan Remover several times, which seemed to help. Whilst my system was slow, it seemed to be functioning okay until the past couple of days.
Logging on today, my browser locks my whole computer up so that I need to reboot it. In fact, even starting up Outlook Express seems to lock up the computer. It won't allow me to access the Task Manager when in this situation. Even disconnecting the network at this point doesn't unlock the system. Another laptop on the same network works fine (I'm using it right now).
Since last week, on booting to the desktop, Vista has been showing some services 'blocked' on startup. I've had a look at the blocked services but I'm not game to change anything.
I've followed the instructions in the cleaning guide and posted the logs as requested.
Thanks in advance, I hope I've done everything required to this point. I look forward to hearing from someone soon!
Cheers
Michelle
OTL logfile created on: 24/06/2010 5:02:15 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\The Farmer Family\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.88 Gb Total Space | 70.84 Gb Free Space | 49.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: THEFARMERFAMILY
Current User Name: The Farmer Family
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/24 17:01:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\The Farmer Family\Desktop\OTL.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\The Farmer Family\AppData\Local\Temp\Rar$EX00.850\gmer.exe
PRC - [2009/07/25 09:06:46 | 000,329,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
PRC - [2009/07/25 09:02:47 | 000,185,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/06/24 17:01:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\The Farmer Family\Desktop\OTL.exe
MOD - [2009/04/11 14:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 10:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (LexBceS)
SRV - File not found [On_Demand | Stopped] -- -- (HitmanPro35Crusader)
SRV - [2010/06/16 18:53:56 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2010/06/16 18:53:56 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2010/06/16 18:53:56 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/26 15:39:46 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/12/01 15:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/25 09:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/05 18:58:42 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Disabled | Stopped] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 10:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/26 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/29 08:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - [2010/06/16 18:54:02 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2010/06/16 18:54:02 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/06/16 18:54:02 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/06/16 18:54:02 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/06/16 18:54:02 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/06/16 18:54:02 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/12/20 02:22:01 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/12/18 06:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/05 00:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/05 00:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/05 00:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/11/16 03:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/10/02 07:41:44 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/01/26 13:39:48 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/14 14:18:34 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/01/30 11:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 10:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 10:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 10:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 10:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 10:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 10:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 10:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 10:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 10:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 10:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 10:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 10:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 10:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 10:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 10:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 10:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 10:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 10:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 10:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/21 10:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 10:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 10:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 10:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 10:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 10:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 10:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/30 08:47:36 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/11/30 01:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/19 06:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/03 03:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/30 15:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/26 06:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/13 14:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 12:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 12:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/03/22 14:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/25 06:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/24 08:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 15:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/19 03:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/11 11:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/07/12 10:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005/01/07 21:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/06/16 18:57:45 | 000,000,000 | ---D | M]
[2009/07/15 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Mozilla\Extensions
[2009/07/15 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Mozilla\Extensions\[email protected]
O1 HOSTS File: ([2010/02/16 17:22:29 | 000,378,956 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 13057 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\The Farmer Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2009/12/01 16:55:06 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\The Farmer Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hiro-Media Client.lnk = C:\Program Files\Hiro-Media\HiroClient\HiroClient.exe (Hiro Media)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\hiro {50BA1131-168F-4c08-A69B-4012273F222E} - C:\Program Files\Hiro-Media\HiroClient\HiroProtocolHandler.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\The Farmer Family\Pictures\Farmer Family\Laura and Zac - Feb 09 (4).JPG
O24 - Desktop BackupWallPaper: C:\Users\The Farmer Family\Pictures\Farmer Family\Laura and Zac - Feb 09 (4).JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:35:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 90 Days ==========
[2010/06/24 17:01:37 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\The Farmer Family\Desktop\OTL.exe
[2010/06/24 16:57:11 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\The Farmer Family\Desktop\erunt_setup.exe
[2010/06/17 07:58:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/17 07:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/16 21:14:06 | 001,322,680 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2010/06/16 21:14:05 | 000,230,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2010/06/16 21:14:05 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2010/06/16 20:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/16 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Simply Super Software
[2010/06/16 20:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/06/16 20:48:48 | 000,000,000 | ---D | C] -- C:\Users\The Farmer Family\AppData\Roaming\Simply Super Software
[2010/06/16 20:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/06/16 18:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2010/06/16 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/16 18:54:02 | 000,283,152 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2010/06/16 18:54:02 | 000,158,224 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/06/16 18:54:02 | 000,146,448 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2010/06/16 18:54:02 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2010/06/16 18:54:02 | 000,059,920 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2010/06/16 18:54:02 | 000,050,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2010/06/16 18:53:54 | 000,000,000 | ---D | C] -- C:\Users\The Farmer Family\Desktop\TISPro_Download32bit
[2010/06/15 16:08:18 | 000,287,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\Tmfilter.sys
[2010/06/15 15:52:00 | 000,709,896 | ---- | C] (Trend Micro Incorporated) -- C:\Users\The Farmer Family\Desktop\Update_Tool.exe
[2010/06/10 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\The Farmer Family\AppData\Roaming\Foxit Software
[2010/05/24 19:40:00 | 000,000,000 | ---D | C] -- C:\Users\The Farmer Family\Desktop\Wordpress_Magazine
[2010/05/06 17:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/06 17:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/06 17:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/12 07:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 17:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/01 17:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/01 16:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/04/01 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\The Farmer Family\AppData\Roaming\Facebook
========== Files - Modified Within 90 Days ==========
[2010/06/24 17:02:34 | 008,650,752 | -HS- | M] () -- C:\Users\The Farmer Family\ntuser.dat
[2010/06/24 17:01:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\The Farmer Family\Desktop\OTL.exe
[2010/06/24 16:58:20 | 000,000,725 | ---- | M] () -- C:\Users\The Farmer Family\Desktop\ERUNT.lnk
[2010/06/24 16:57:36 | 000,284,915 | ---- | M] () -- C:\Users\The Farmer Family\Desktop\gmer.zip
[2010/06/24 16:57:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\The Farmer Family\Desktop\erunt_setup.exe
[2010/06/24 16:55:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/24 16:45:32 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A415B25-380B-42B8-AD69-30FDD51BD09A}.job
[2010/06/24 16:42:15 | 000,000,103 | ---- | M] () -- C:\Users\The Farmer Family\HiroConfig.dat
[2010/06/24 16:41:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/24 16:40:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 16:40:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 16:40:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/24 16:13:21 | 000,524,288 | -HS- | M] () -- C:\Users\The Farmer Family\ntuser.dat{f91cf0fe-d285-11de-bc7e-00037aaeb154}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 16:13:21 | 000,065,536 | -HS- | M] () -- C:\Users\The Farmer Family\ntuser.dat{f91cf0fe-d285-11de-bc7e-00037aaeb154}.TM.blf
[2010/06/24 15:52:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/22 17:08:14 | 000,002,255 | ---- | M] () -- C:\Users\The Farmer Family\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/06/22 17:07:02 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/06/22 17:07:02 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/06/21 07:33:01 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/21 07:33:01 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/21 07:33:01 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/21 07:32:00 | 000,029,184 | ---- | M] () -- C:\Users\The Farmer Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 13:05:50 | 000,155,110 | ---- | M] () -- C:\Users\Public\Documents\franies.docx
[2010/06/20 12:29:38 | 000,171,427 | ---- | M] () -- C:\Users\Public\Documents\patrics day.docx
[2010/06/18 20:08:43 | 000,023,572 | ---- | M] () -- C:\Users\Public\Documents\DECEMBER.docx
[2010/06/18 16:31:37 | 000,361,868 | ---- | M] () -- C:\Users\Public\Documents\Presentation1.pptx
[2010/06/18 12:23:39 | 000,134,466 | ---- | M] () -- C:\Users\Public\Documents\CGU - Travel Claim.xlsx
[2010/06/17 19:41:23 | 000,014,324 | ---- | M] () -- C:\Users\Public\Documents\callender.docx
[2010/06/17 03:26:24 | 000,403,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/16 20:48:55 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/06/16 18:56:13 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Internet Security Pro.lnk
[2010/06/16 18:54:02 | 000,283,152 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2010/06/16 18:54:02 | 000,158,224 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/06/16 18:54:02 | 000,146,448 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2010/06/16 18:54:02 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2010/06/16 18:54:02 | 000,059,920 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2010/06/16 18:54:02 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2010/06/16 18:04:17 | 000,000,036 | ---- | M] () -- C:\Users\The Farmer Family\AppData\Local\housecall.guid.cache
[2010/06/16 17:57:35 | 000,001,718 | ---- | M] () -- C:\Appdata.re
[2010/06/15 15:52:04 | 000,709,896 | ---- | M] (Trend Micro Incorporated) -- C:\Users\The Farmer Family\Desktop\Update_Tool.exe
[2010/06/11 10:10:40 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/10 16:33:14 | 000,034,308 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2010/06/05 08:52:42 | 000,218,552 | ---- | M] () -- C:\Users\Public\Documents\rubber ducks.docx
[2010/05/31 21:39:36 | 000,001,681 | ---- | M] () -- C:\Users\The Farmer Family\Desktop\CCleaner.lnk
[2010/05/25 19:34:59 | 000,162,304 | ---- | M] () -- C:\Users\Public\Documents\timetable.doc
[2010/05/25 19:24:15 | 000,034,498 | ---- | M] () -- C:\Users\Public\Documents\timetable.docx
[2010/05/21 20:27:23 | 000,000,205 | ---- | M] () -- C:\Users\The Farmer Family\Desktop\Perth - TV Guide.url
[2010/05/08 09:43:33 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/06 17:47:58 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/24 13:39:27 | 000,002,305 | ---- | M] () -- C:\Users\The Farmer Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/04/03 19:36:13 | 000,000,600 | ---- | M] () -- C:\Users\The Farmer Family\AppData\Local\PUTTY.RND
[2010/04/03 19:25:30 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/04/03 15:51:15 | 000,195,820 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/04/01 17:08:40 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/01 16:57:36 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/28 21:45:56 | 000,983,824 | ---- | M] () -- C:\Users\Public\Documents\Managing Your Own Rental Property Made Easy.docx
========== Files Created - No Company Name ==========
[2010/06/24 16:58:20 | 000,000,725 | ---- | C] () -- C:\Users\The Farmer Family\Desktop\ERUNT.lnk
[2010/06/24 16:57:31 | 000,284,915 | ---- | C] () -- C:\Users\The Farmer Family\Desktop\gmer.zip
[2010/06/20 13:05:46 | 000,155,110 | ---- | C] () -- C:\Users\Public\Documents\franies.docx
[2010/06/20 12:29:33 | 000,171,427 | ---- | C] () -- C:\Users\Public\Documents\patrics day.docx
[2010/06/18 20:08:42 | 000,023,572 | ---- | C] () -- C:\Users\Public\Documents\DECEMBER.docx
[2010/06/17 20:30:19 | 000,361,868 | ---- | C] () -- C:\Users\Public\Documents\Presentation1.pptx
[2010/06/17 19:41:22 | 000,014,324 | ---- | C] () -- C:\Users\Public\Documents\callender.docx
[2010/06/16 20:56:29 | 000,102,400 | RHS- | C] () -- C:\Windows\System32\TR2468.dll
[2010/06/16 20:48:55 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/06/16 20:48:51 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/06/16 20:48:51 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/06/16 20:48:51 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/06/16 20:48:51 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/06/16 18:56:13 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Internet Security Pro.lnk
[2010/06/16 17:59:05 | 000,000,036 | ---- | C] () -- C:\Users\The Farmer Family\AppData\Local\housecall.guid.cache
[2010/06/16 17:56:14 | 000,001,718 | ---- | C] () -- C:\Appdata.re
[2010/06/10 16:33:14 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/06/05 08:52:38 | 000,218,552 | ---- | C] () -- C:\Users\Public\Documents\rubber ducks.docx
[2010/05/25 19:34:51 | 000,162,304 | ---- | C] () -- C:\Users\Public\Documents\timetable.doc
[2010/05/25 19:24:13 | 000,034,498 | ---- | C] () -- C:\Users\Public\Documents\timetable.docx
[2010/05/13 08:45:04 | 000,002,255 | ---- | C] () -- C:\Users\The Farmer Family\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/05/08 09:43:33 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/08 09:41:50 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/08 09:41:50 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 17:47:58 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/03 19:35:42 | 000,000,600 | ---- | C] () -- C:\Users\The Farmer Family\AppData\Local\PUTTY.RND
[2010/04/03 15:51:15 | 000,195,820 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/04/01 17:08:40 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/01 16:57:36 | 000,002,305 | ---- | C] () -- C:\Users\The Farmer Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/04/01 16:57:36 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/28 20:06:24 | 000,983,824 | ---- | C] () -- C:\Users\Public\Documents\Managing Your Own Rental Property Made Easy.docx
[2010/02/21 21:43:19 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/02/15 06:56:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\bitsperfc.dll.vir
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/11 11:34:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/24 15:35:17 | 000,000,985 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/03/24 15:35:17 | 000,000,173 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/03/24 15:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/03/24 15:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/09 17:38:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LXBRPMON.DLL
[2008/11/09 17:38:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LXBRPMUI.DLL
[2008/11/09 17:37:47 | 000,000,400 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/11/07 15:00:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/11/07 15:00:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/11/07 15:00:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/11/07 15:00:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/11/07 15:00:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/11/07 15:00:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/11/07 14:45:21 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/11/07 14:45:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/11/07 14:45:21 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/11/07 14:45:21 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/10/23 01:58:00 | 033,793,272 | ---- | C] () -- C:\Windows\System32\TrueAccessCoInst.dll
[2008/02/12 09:59:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 09:03:27 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/12 08:46:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/12 08:44:39 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/12 08:44:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/02/12 08:44:39 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/12 08:44:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/22 08:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/11/15 01:42:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/11/09 19:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 13:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
========== LOP Check ==========
[2008/11/09 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\4200Series
[2008/11/11 09:12:27 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\ABIG
[2009/12/16 19:42:19 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/01 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Facebook
[2010/05/24 22:19:55 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\FileZilla
[2008/11/27 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Foxit
[2010/06/10 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Foxit Software
[2009/01/08 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Leadertech
[2009/07/16 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\LimeWire
[2010/01/11 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\PC-FAX TX
[2008/11/09 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\PeerNetworking
[2009/07/25 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Publish Providers
[2010/06/16 20:48:48 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Simply Super Software
[2009/07/25 16:29:32 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Sony
[2008/11/07 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\SPAMfighter
[2009/07/23 16:59:36 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Thunderbird
[2009/01/21 08:01:04 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\toshiba
[2008/11/09 20:50:23 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\TransMemory_Secure
[2008/11/09 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\Ulead Systems
[2010/06/24 16:17:18 | 000,000,000 | ---D | M] -- C:\Users\The Farmer Family\AppData\Roaming\uTorrent
[2010/06/24 03:16:41 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/24 16:45:32 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A415B25-380B-42B8-AD69-30FDD51BD09A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/16 17:57:35 | 000,001,718 | ---- | M] () -- C:\Appdata.re
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/12 08:19:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/04/16 15:49:26 | 000,000,560 | ---- | M] () -- C:\InstallHelper.log
[2008/02/12 08:29:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/24 15:49:22 | 000,000,078 | ---- | M] () -- C:\lxbm.log
[2008/02/12 08:29:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/24 16:55:37 | 3524,489,216 | -HS- | M] () -- C:\pagefile.sys
[2010/06/17 08:40:58 | 000,061,438 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_17.06.2010_08.39.57_log.txt
[2010/06/24 15:44:39 | 000,001,647 | ---- | M] () -- C:\VundoFix.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 20:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 19:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 19:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/21 11:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 14:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/21 10:25:16 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows:D2F9AAA03D24C7ED
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
OTL Extras logfile created on: 24/06/2010 5:02:15 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\The Farmer Family\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.88 Gb Total Space | 70.84 Gb Free Space | 49.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: THEFARMERFAMILY
Current User Name: The Farmer Family
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FAC6E7-A04C-41A4-A82A-949EE8F58508}" = rport=138 | protocol=17 | dir=out | app=system |
"{074FF035-726E-43D2-A8E4-4ADEC7F66C40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0944D159-FD5A-44D0-A456-F505F723582F}" = lport=139 | protocol=6 | dir=in | app=system |
"{0F0AAAAB-92EC-4189-B793-41FFDC3ADE5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{102DEAEB-52B1-485C-9B57-5BDDC31D24FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{13423317-8C94-4088-A151-B0C769287185}" = rport=445 | protocol=6 | dir=out | app=system |
"{251532EE-95A6-4005-9E67-D3A59CFBE86D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A22C588-A097-4440-B12E-7F3A144CEE10}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{2A4B6DEA-62A6-461E-9D28-EA334C048821}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32BBFC5F-08FE-4FA9-B0B9-10F8FF1D71B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42285119-EE7B-4D1D-95E7-2FDBAB25370B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5CEDF4AB-E3E9-4040-BDF3-A8883C724E73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{651205B6-57AD-460D-AAF0-7DDA4649C253}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{7A09507A-02CD-464B-AFF1-FBC2ECBD6230}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E5136A1-A7E7-4BC4-81C8-4217D6A526D2}" = lport=445 | protocol=6 | dir=in | app=system |
"{86516A4C-3CAA-4AB6-A795-C13B3E969ABB}" = rport=139 | protocol=6 | dir=out | app=system |
"{92AD214C-D374-40E4-B8B6-F71944855EAA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93B36B17-851B-4A4C-9999-3831EA3C0876}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B8DC2DB-F367-4FAD-8C76-A57514A28375}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D569999-035E-4035-8E5E-5748D0776906}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A00EC612-1784-4B8B-A8C1-5A643DA65CB1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAE6E079-E66D-4023-8F5E-1F73456AE76D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0C8F958-F74E-47FB-9343-B5EBF56FC85F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1B93B09-F8BB-4653-8626-25798ABAC700}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C8EA1B00-7F60-4754-8DD2-5D8CD8838BA0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{D64E8E4F-C04F-49EE-9E8A-6EB093A315F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7DDE457-97CE-4E79-A653-668020F883AD}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{DF6C8DA4-D107-4A83-A214-A8949F5D943A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4281385-F4C5-490B-BDCA-62783939D7AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FF2CDB75-9E3D-463B-9DCD-A1368598C1BF}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031CBE73-20CB-4F24-ACD4-0424D493FE29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E1741DD-12CC-447A-981D-3ED5C117FED4}" = protocol=17 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
"{101A8EA4-E89D-4BA5-B5F9-2CAA338FB1F7}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{10E54A17-97EE-408A-B632-EC2AF3107099}" = protocol=6 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
"{169F576A-40C1-47B7-908B-25E11D8D515D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1AB5B846-5520-4406-8380-3B590CB499C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23C61DAA-C03E-43B7-AED6-2587B078115C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{243AC066-DF28-4D60-86BC-9DDA9C13E819}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{2AD71051-62D9-4CEE-B538-AD0343744774}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BF10DF4-FB81-4B3A-851D-4C68181001FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3FB6C28E-0B35-4CBB-9F8F-20DF259F0A77}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{4D6F3C30-6DAE-4DBB-A0D2-AB135CC2018F}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{50AED980-56A1-4DC0-9288-B96EE5D78BEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50BE55BA-2CAA-4043-B6DD-CC64DFE3E345}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5229428E-4FEC-4B97-B370-67EAA755BBF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56424878-C4B2-429A-8380-8474322694BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B43453D-8080-4A17-A1EC-B7BD7E6D2904}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5BF9BD47-DB5B-4FCC-A9C1-BF2F6A3A5502}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5E179966-38E6-43EC-B945-E6B016B7AE2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E948E98-5060-41AB-B5AE-EA6E4710AAE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{71E2307F-0E2B-4A6B-B972-89C9A00D1003}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76FF0152-DE98-4D65-BCBF-923B1679D9F8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7BA2400E-9184-477F-B75A-7FF75EFB569E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{91DD28CB-7267-49FC-B658-3AB53DF3B884}" = protocol=6 | dir=out | app=system |
"{9D46F6AF-2D2E-4CB6-84BE-0899301A8504}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A6E9606D-33EC-49F6-BAAD-D5370F0FEB6B}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AEC0F629-F2D7-4B33-AA6A-AC491D330F01}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
"{B3892F4D-B35A-41C5-B45D-5FD2A8391612}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
"{B57C2B07-956E-4A4A-8259-D2221F55CA4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA136931-2C1A-4479-9260-C626BA283C5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA9902FE-0F0D-41E3-8A80-1ACADFFDD008}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C827EE95-C59B-438E-9A67-2C28B1214740}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E40C70C8-1645-4615-AD28-A2911E03C8AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E530599F-9FFB-4D76-9AF1-FE21D219D7CA}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{FFA23431-7E6A-4D17-A8EC-3D78534D2DEC}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{E1370674-B4FE-4A80-ABDE-03FB90A3F081}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{344277AF-8E38-427F-B59A-F295455B6528}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F66E7E-4865-4070-B289-A0DB052979E1}" = HIRO Client
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DA29D017-6E24-481D-BC7C-2B69335A0B3A}" = TrueSuite Access Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AnyDVD" = AnyDVD
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.2.1
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{DA29D017-6E24-481D-BC7C-2B69335A0B3A}" = TrueSuite Access Manager
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarkAble2_is1" = MarkAble 2.2.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Scholastic's I SPY Treasure Hunt" = Scholastic's I SPY Treasure Hunt
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trojan Remover_is1" = Trojan Remover 6.8.1
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 2:49:26 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 19/06/2010 8:10:23 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19/06/2010 8:10:23 AM | Computer Name = TheFarmerFamily | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1077
[ System Events ]
Error - 24/06/2010 4:42:39 AM | Computer Name = TheFarmerFamily | Source = Service Control Manager | ID = 7009
Description =
Error - 24/06/2010 4:42:39 AM | Computer Name = TheFarmerFamily | Source = Service Control Manager | ID = 7000
Description =
Error - 24/06/2010 4:44:01 AM | Computer Name = TheFarmerFamily | Source = Service Control Manager | ID = 7031
Description =
Error - 24/06/2010 4:55:58 AM | Computer Name = TheFarmerFamily | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:49:45 PM on 24/06/2010 was unexpected.
Error - 24/06/2010 4:56:08 AM | Computer Name = TheFarmerFamily | Source = DCOM | ID = 10005
Description =
Error - 24/06/2010 4:56:17 AM | Computer Name = TheFarmerFamily | Source = DCOM | ID = 10005
Description =
Error - 24/06/2010 4:56:20 AM | Computer Name = TheFarmerFamily | Source = DCOM | ID = 10005
Description =
Error - 24/06/2010 4:57:15 AM | Computer Name = TheFarmerFamily | Source = Service Control Manager | ID = 7001
Description =
Error - 24/06/2010 4:57:15 AM | Computer Name = TheFarmerFamily | Source = Service Control Manager | ID = 7026
Description =
Error - 24/06/2010 5:01:13 AM | Computer Name = TheFarmerFamily | Source = DCOM | ID = 10005
Description =
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-24 17:05:20
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\THEFAR~1\AppData\Local\Temp\aflcipoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AB53000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AB9C000, 0x510, 0x40000040]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 709F9AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!CallNextHookEx 76F48E3B 5 Bytes JMP 709ED0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 7096467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!CreateWindowExW 76F51305 5 Bytes JMP 709FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxParamW 76F710B0 5 Bytes JMP 709254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxIndirectParamW 76F72EF5 5 Bytes JMP 70AF480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxParamA 76F88152 5 Bytes JMP 70AF47AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxIndirectParamA 76F8847D 5 Bytes JMP 70AF4872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxIndirectA 76F9D4D9 5 Bytes JMP 70AF4741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxIndirectW 76F9D5D3 5 Bytes JMP 70AF46D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxExA 76F9D639 5 Bytes JMP 70AF4674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxExW 76F9D65D 5 Bytes JMP 70AF4612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] ole32.dll!OleLoadFromStream 75F81E12 5 Bytes JMP 70AF4B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] ole32.dll!CoCreateInstance 75FB9EA6 5 Bytes JMP 709FDB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!CreateWindowExW 76F51305 5 Bytes JMP 709FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxParamW 76F710B0 5 Bytes JMP 709254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamW 76F72EF5 5 Bytes JMP 70AF480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxParamA 76F88152 5 Bytes JMP 70AF47AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamA 76F8847D 5 Bytes JMP 70AF4872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxIndirectA 76F9D4D9 5 Bytes JMP 70AF4741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxIndirectW 76F9D5D3 5 Bytes JMP 70AF46D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxExA 76F9D639 5 Bytes JMP 70AF4674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxExW 76F9D65D 5 Bytes JMP 70AF4612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4204
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928
24/06/2010 4:08:01 PM
mbam-log-2010-06-24 (16-08-01).txt
Scan type: Quick scan
Objects scanned: 129351
Time elapsed: 5 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Edited by micknmark, 24 June 2010 - 04:12 AM.
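A triage pass a helper would run over two parts of the logs above: the OTL "Vista Active Application Exception List" and the GMER "User code sections". This is an added example for the thread, not code from the poster, from OTL or from GMER. The embedded sample lines are copied from the logs above, plus one constructed firewall rule (marked in the code, all-zero GUID) that points at a temp folder so the path check has something to flag; the trusted path roots and the table of expected hooking modules are assumptions. Note that the two "Query User" rules for wfs.exe (Windows Fax and Scan) are the kind Vista's firewall writes when a user clicks Unblock on its prompt, so they record a user decision rather than an infection; the script reports them for review, nothing more.

```python
"""Triage pass over OTL firewall-exception lines and GMER user-mode hook lines.

Added example for this thread: not code from the original post, nor from the
OTL or GMER tools. Sample lines are copied from the logs above, plus one
CONSTRUCTED firewall rule (all-zero GUID). Trusted roots and the expected-hooker
table are assumptions.
"""
import re
from collections import defaultdict

# Sample input: subset of the OTL exception list above; last line is CONSTRUCTED.
OTL_RULES = r'''
"{5B43453D-8080-4A17-A1EC-B7BD7E6D2904}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2BF10DF4-FB81-4B3A-851D-4C68181001FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E179966-38E6-43EC-B945-E6B016B7AE2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91DD28CB-7267-49FC-B658-3AB53DF3B884}" = protocol=6 | dir=out | app=system |
"TCP Query User{E1370674-B4FE-4A80-ABDE-03FB90A3F081}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{344277AF-8E38-427F-B59A-F295455B6528}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=in | app=c:\users\example\appdata\local\temp\example.exe |
'''

# Sample input: subset of the GMER "User code sections" above.
GMER_HOOKS = r'''
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 709F9AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!CallNextHookEx 76F48E3B 5 Bytes JMP 709ED0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] ole32.dll!CoCreateInstance 75FB9EA6 5 Bytes JMP 709FDB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!CreateWindowExW 76F51305 5 Bytes JMP 709FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
HOOK_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+'
    r'(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)\s+'
    r'(?P<hooker>.+?)\s+\((?P<vendor>[^)]*)\)\s*$')

PROTOCOLS = {'1': 'icmpv4', '6': 'tcp', '17': 'udp', '58': 'icmpv6'}
# Assumption: image paths under these roots are not flagged on path alone.
TRUSTED_ROOTS = ('c:\\windows\\', '%systemroot%\\', 'c:\\program files\\', '%programfiles%\\')
# Assumption: modules that routinely place inline hooks in a given process image.
EXPECTED_HOOKERS = {'iexplore.exe': {'c:\\windows\\system32\\ieframe.dll'}}


def parse_otl_rules(text):
    """Return one dict per firewall rule: the rule name plus its key=value fields."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        rule = {'name': m.group('name')}
        for part in m.group('body').split('|'):
            key, sep, value = part.strip().partition('=')
            if sep:
                rule[key.strip()] = value.strip()
        rule['protocol'] = PROTOCOLS.get(rule.get('protocol'), rule.get('protocol'))
        rules.append(rule)
    return rules


def triage_rules(rules):
    """Flag rules worth a second look as (reason, rule name, app path) tuples."""
    findings = []
    for rule in rules:
        app = rule.get('app', '').lower()
        if app in ('', 'system'):  # System/kernel rules carry no image path to check
            continue
        if 'query user' in rule['name'].lower():
            # Written when a user clicks Unblock on the firewall prompt: records
            # that this image asked to listen, not that it is malicious.
            findings.append(('user_approved_prompt', rule['name'], app))
        if not app.startswith(TRUSTED_ROOTS):
            findings.append(('untrusted_path', rule['name'], app))
    return findings


def parse_gmer_hooks(text):
    """Return one dict per inline-hook line (process, pid, hooked API, hooking module)."""
    return [m.groupdict() for m in map(HOOK_RE.match, text.strip().splitlines()) if m]


def summarize_hooks(hooks):
    """Group hooks by (pid, process image, hooking module); list groups not expected."""
    groups = defaultdict(list)
    for h in hooks:
        key = (int(h['pid']), h['proc'].lower(), h['hooker'].lower())
        groups[key].append(f"{h['module']}!{h['func']}")
    unexpected = [key for key in groups
                  if key[2] not in EXPECTED_HOOKERS.get(key[1].rsplit('\\', 1)[-1], set())]
    return dict(groups), unexpected


if __name__ == '__main__':
    for finding in triage_rules(parse_otl_rules(OTL_RULES)):
        print('FIREWALL', *finding)
    groups, unexpected = summarize_hooks(parse_gmer_hooks(GMER_HOOKS))
    for (pid, proc, hooker), funcs in groups.items():
        tag = 'REVIEW' if (pid, proc, hooker) in unexpected else 'expected'
        print(f'HOOKS pid={pid} {hooker} -> {len(funcs)} APIs [{tag}]')
```

Comparisons are done on lowercased paths because OTL lowercases most of the path it prints while GMER preserves case; the path root check is deliberately coarse and is meant to surface images in user-writable locations for a human to look at, not to decide anything on its own.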