Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sophos detects virus

Started by nucleotide_boy , Aug 16 2010 10:38 AM

  • Please log in to reply

#1
nucleotide_boy
Posted 16 August 2010 - 10:38 AM

nucleotide_boy

    Member

  • Member
  • PipPip
  • 13 posts
Hi all,

Just looking for a bit of help with a troublesome file.

I use Sophos Endpoint Security and Control 9, which I get free as a member of staff at my university.

I get lots of warnings about items being quarantined for HIPS\ProcInj-002 and -003. Scanning doesn't appear to resolve them and they seem to be in system 32 .exe files.

Today however I've started getting a warning about TOJ/Mdrop-CUR in winhelp.exe in C:\Users\<username>\AppData\Local\Windows. Sophos keeps quarantining and cleaning the file which then disappears and reappears. If I watch it in the file location the file itself just keeps coming and going.

What should I do?!

Edited by nucleotide_boy, 16 August 2010 - 10:40 AM.

  • 0

Advertisements

#2
nucleotide_boy
Posted 16 August 2010 - 12:48 PM

nucleotide_boy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
In addition, here's my OTL log:

OTL logfile created on: 16/08/2010 19:00:41 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ash Dunne\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.14 Gb Total Space | 34.09 Gb Free Space | 33.05% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
Drive F: | 7.09 Gb Total Space | 0.72 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 606.04 Gb Free Space | 65.08% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHDUNNE-LAPTOP
Current User Name: Ash Dunne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/16 18:09:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ash Dunne\Desktop\OTL.exe
PRC - [2010/07/23 03:09:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 18:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/09/07 13:11:19 | 000,093,736 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/09/07 13:11:18 | 000,104,488 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/09/07 12:24:19 | 000,125,992 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2009/09/07 12:24:19 | 000,030,248 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2009/09/04 12:22:55 | 000,429,096 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2009/09/04 12:22:55 | 000,175,144 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/10 16:45:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 16:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/02/21 14:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 18:09:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ash Dunne\Desktop\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/28 12:18:17 | 000,237,832 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/21 22:14:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/07 13:11:19 | 000,093,736 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2009/09/07 13:11:18 | 000,104,488 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/09/07 12:24:19 | 000,125,992 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2009/09/07 12:24:19 | 000,030,248 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2009/09/04 12:22:55 | 000,175,144 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008/04/17 09:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 16:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/08 18:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/05/08 17:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/03/05 19:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/07 12:15:43 | 000,060,968 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2009/09/07 12:15:00 | 000,028,200 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scflwf.sys -- (scflwf)
DRV - [2009/07/30 13:54:40 | 000,121,848 | R--- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2009/02/09 11:06:53 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/17 17:41:41 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/17 09:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/03/27 20:34:32 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/03/27 18:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/29 20:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/11 12:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/07 01:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/18 19:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/12 23:50:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/12 23:50:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 17:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 11:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/06/28 19:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/10 00:39:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 00:37:30 | 000,000,000 | ---D | M]

[2009/02/03 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Extensions
[2009/02/03 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/08/16 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions
[2010/01/19 01:09:30 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/04/27 22:25:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/31 23:31:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/08 18:20:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/07 12:32:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/07/12 19:27:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/08/27 09:27:30 | 000,000,000 | ---D | M] (OpenDownload) -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2009/07/31 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\[email protected]
[2010/08/10 00:22:15 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Mozilla\Firefox\Profiles\l72zveda.default\extensions\[email protected]
[2010/01/29 07:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/06 07:23:55 | 000,000,044 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004/05/01 02:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/27 01:57:36 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{267fe57f-e031-11de-bd4f-001f298b70f1}\Shell\AutoRun\command - "" = G:\SamsungSoftware\AppInst.exe -- [2009/03/07 12:30:08 | 003,514,368 | ---- | M] (Samsung Electronics)
O33 - MountPoints2\{4177da96-3ecd-11dd-9e99-001f298b70f1}\Shell\AutoRun\command - "" = G:\AllwaySync'n'Go.exe -- File not found
O33 - MountPoints2\{c3023262-6c7b-11dd-8c45-001f298b70f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c3023262-6c7b-11dd-8c45-001f298b70f1}\Shell\AutoRun\command - "" = G:\autorun\UbiAutorun.exe -- File not found
O33 - MountPoints2\{d6671fea-3f0a-11dd-8c51-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6671fea-3f0a-11dd-8c51-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2006/10/06 07:23:55 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SamsungSoftware\AppInst.exe -- [2009/03/07 12:30:08 | 003,514,368 | ---- | M] (Samsung Electronics)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/16 18:08:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ash Dunne\Desktop\OTL.exe
[2010/08/16 14:43:28 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Local\Windows Server
[2010/08/08 16:48:59 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/08 16:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/08 16:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/07 22:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/08/07 20:57:41 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Roaming\vlc
[2010/08/07 13:22:09 | 000,886,008 | ---- | C] (2BrightSparks Pte Ltd) -- C:\Windows\System32\SNU.dll
[2010/08/07 13:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\2BrightSparks
[2010/08/07 13:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\2BrightSparks
[2010/08/07 11:51:57 | 000,020,328 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz134_x32.sys
[2010/08/07 07:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/08/01 14:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2010/08/01 14:19:19 | 000,121,848 | R--- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2010/08/01 14:19:18 | 000,026,664 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2010/08/01 14:12:04 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2010/08/01 14:11:36 | 000,000,000 | ---D | C] -- C:\escw_9_sa
[2010/07/31 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Roaming\Spotify
[2010/07/31 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Local\Spotify
[2010/07/31 18:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/07/22 18:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Video Joiner
[2010/07/21 18:25:14 | 000,000,000 | ---D | C] -- C:\Intel
[2010/07/20 09:03:51 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Roaming\PeerNetworking
[2010/07/19 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/07/19 18:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/06/22 18:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/06/13 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Local\CutePDF Writer
[2010/06/13 19:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/06/13 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/06/08 00:00:43 | 000,000,000 | ---D | C] -- C:\Users\Ash Dunne\AppData\Roaming\pokerth
[2010/06/07 23:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerTH
[2010/05/31 22:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/27 23:54:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/27 23:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ash Dunne\Documents\*.tmp files -> C:\Users\Ash Dunne\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/16 19:09:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD5CEE58-1F46-4FD7-8BF7-6FB87285816B}.job
[2010/08/16 19:07:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 19:02:34 | 003,932,160 | -HS- | M] () -- C:\Users\Ash Dunne\ntuser.dat
[2010/08/16 18:32:42 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3332380967-2104027918-1988861177-1006UA.job
[2010/08/16 18:09:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ash Dunne\Desktop\OTL.exe
[2010/08/16 18:02:36 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F719A61-01EB-43E2-8389-AF144ADDB477}.job
[2010/08/16 17:58:59 | 000,000,490 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/08/16 17:58:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/16 17:58:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 17:58:32 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 17:58:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/16 17:57:57 | 3212,107,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 17:49:41 | 000,524,288 | -HS- | M] () -- C:\Users\Ash Dunne\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/08/16 17:49:41 | 000,065,536 | -HS- | M] () -- C:\Users\Ash Dunne\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/08/15 23:31:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3332380967-2104027918-1988861177-1006Core.job
[2010/08/15 20:38:31 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/08/15 11:28:06 | 000,019,968 | ---- | M] () -- C:\Users\Ash Dunne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 02:30:01 | 000,000,602 | ---- | M] () -- C:\Windows\tasks\New scan.job
[2010/08/13 08:31:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/12 21:22:43 | 001,764,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 23:18:39 | 002,848,144 | -H-- | M] () -- C:\Users\Ash Dunne\AppData\Local\IconCache.db
[2010/08/11 21:53:24 | 000,000,776 | ---- | M] () -- C:\Users\Ash Dunne\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/11 21:53:18 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/10 00:40:15 | 000,001,748 | ---- | M] () -- C:\Users\Ash Dunne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 00:40:14 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 16:48:54 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/08 00:18:49 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/08/07 22:22:47 | 000,000,732 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\SIW.lnk
[2010/08/07 20:57:28 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/07 11:52:04 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/08/05 10:50:51 | 000,000,606 | ---- | M] () -- C:\Users\Ash Dunne\Application Data\Microsoft\Internet Explorer\Quick Launch\VirtualDub.exe - Shortcut.lnk
[2010/08/01 14:26:10 | 000,000,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2010/08/01 14:18:16 | 000,000,602 | ---- | M] () -- C:\Windows\tasks\New scan (1).job
[2010/08/01 12:57:07 | 000,719,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/01 12:57:07 | 000,620,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/01 12:57:07 | 000,113,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/31 18:02:20 | 000,000,788 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\Spotify.lnk
[2010/07/22 18:53:00 | 000,000,807 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\AoA Video Joiner.lnk
[2010/07/21 22:18:50 | 000,015,922 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\Chroma Order Quote.PDF
[2010/07/21 18:48:47 | 000,014,600 | ---- | M] () -- C:\Windows\System32\results.xml
[2010/07/20 09:04:17 | 000,024,064 | ---- | M] () -- C:\Users\Ash Dunne\AppData\Roaming\UserTile.png
[2010/07/19 18:05:33 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/07/15 08:35:14 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/15 08:07:36 | 000,001,443 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\DivX Movies.lnk
[2010/07/15 08:05:05 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz134_x32.sys
[2010/07/08 18:20:28 | 000,000,804 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\CCleaner.lnk
[2010/06/23 11:24:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/22 18:12:11 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/13 11:37:31 | 000,001,636 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\FeedDemon.lnk
[2010/06/08 18:05:08 | 000,000,333 | ---- | M] () -- C:\Users\Ash Dunne\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrents - Shortcut.lnk
[2010/06/08 00:00:00 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\PokerTH.lnk
[2010/06/07 20:03:43 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/05/30 14:48:38 | 000,000,713 | ---- | M] () -- C:\Users\Ash Dunne\Desktop\taskmgr.exe - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ash Dunne\Documents\*.tmp files -> C:\Users\Ash Dunne\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/08 16:48:54 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/08 00:18:49 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/08/07 22:22:47 | 000,000,732 | ---- | C] () -- C:\Users\Ash Dunne\Desktop\SIW.lnk
[2010/08/07 20:57:28 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/07 11:52:04 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/08/05 10:50:51 | 000,000,606 | ---- | C] () -- C:\Users\Ash Dunne\Application Data\Microsoft\Internet Explorer\Quick Launch\VirtualDub.exe - Shortcut.lnk
[2010/08/01 14:26:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2010/07/31 18:02:20 | 000,000,788 | ---- | C] () -- C:\Users\Ash Dunne\Desktop\Spotify.lnk
[2010/07/22 18:53:00 | 000,000,807 | ---- | C] () -- C:\Users\Ash Dunne\Desktop\AoA Video Joiner.lnk
[2010/07/21 22:18:12 | 000,015,922 | ---- | C] () -- C:\Users\Ash Dunne\Desktop\Chroma Order Quote.PDF
[2010/07/21 18:48:47 | 000,014,600 | ---- | C] () -- C:\Windows\System32\results.xml
[2010/07/20 09:04:17 | 000,024,064 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Roaming\UserTile.png
[2010/07/19 18:05:33 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/07/15 08:05:05 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/06/22 18:12:11 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/13 19:45:54 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/06/08 00:00:00 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\PokerTH.lnk
[2010/06/04 12:53:26 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD5CEE58-1F46-4FD7-8BF7-6FB87285816B}.job
[2010/05/30 14:48:38 | 000,000,713 | ---- | C] () -- C:\Users\Ash Dunne\Desktop\taskmgr.exe - Shortcut.lnk
[2010/05/27 23:53:19 | 000,000,804 | ---- | C] () -- C:\Users\Ash Dunne\Desktop\CCleaner.lnk
[2009/11/04 01:13:50 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/09/23 23:22:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/02 20:07:40 | 000,001,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/05/02 20:06:42 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/12/11 21:30:31 | 000,000,680 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Local\d3d9caps.dat
[2008/12/09 15:47:18 | 000,102,400 | ---- | C] () -- C:\Windows\System32\libpng.dll
[2008/12/09 15:47:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/12/09 15:44:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2008/08/21 09:11:35 | 000,008,101 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/08/17 17:41:40 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/02 18:04:54 | 000,003,247 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/07/30 03:54:05 | 000,000,000 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Local\FnF4.txt
[2008/06/24 22:37:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/06/24 22:37:26 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/24 21:31:25 | 000,019,968 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:31:30 | 000,000,490 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/20 13:35:40 | 000,000,000 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Local\QSwitch.txt
[2008/06/20 13:35:40 | 000,000,000 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Local\DSwitch.txt
[2008/06/20 13:35:40 | 000,000,000 | ---- | C] () -- C:\Users\Ash Dunne\AppData\Local\AtStart.txt
[2008/06/20 13:22:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/06/20 13:22:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/06/20 13:22:07 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/06/20 13:22:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/06/20 13:22:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/06/20 13:22:07 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/04/17 09:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/02/11 12:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/08/24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/06/08 18:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/01/26 19:10:07 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\ActiveState
[2009/08/11 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/08/17 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\DAEMON Tools Pro
[2010/04/16 19:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Facebook
[2008/06/20 13:23:18 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Hewlett Packard
[2008/12/03 07:25:13 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\InterVideo
[2009/11/15 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\LG Electronics
[2009/05/04 16:07:22 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\LimeWire
[2008/07/16 09:38:16 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Mp3tag
[2009/05/04 17:13:12 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Music Coach
[2008/11/03 22:50:40 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\My Games
[2009/10/30 22:55:24 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Neverball
[2009/11/04 15:48:57 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Nokia
[2008/08/16 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\PC Suite
[2010/07/20 09:03:51 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\PeerNetworking
[2010/06/08 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\pokerth
[2008/08/18 01:14:19 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\SampleView
[2008/07/27 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\SpinTop
[2010/07/31 20:52:28 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Spotify
[2010/08/07 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\SystemRequirementsLab
[2009/04/16 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\Trusteer
[2010/07/19 18:05:45 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/08/17 02:56:40 | 000,000,000 | ---D | M] -- C:\Users\Ash Dunne\AppData\Roaming\uTorrent
[2010/08/01 14:18:16 | 000,000,602 | ---- | M] () -- C:\Windows\Tasks\New scan (1).job
[2010/08/14 02:30:01 | 000,000,602 | ---- | M] () -- C:\Windows\Tasks\New scan.job
[2010/08/13 17:26:20 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/16 18:02:36 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5F719A61-01EB-43E2-8389-AF144ADDB477}.job
[2010/08/16 19:19:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BD5CEE58-1F46-4FD7-8BF7-6FB87285816B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/09/06 14:23:45 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/13 18:43:10 | 000,066,473 | ---- | M] () -- C:\CTSUFile.txt
[2007/10/04 10:07:04 | 106,795,280 | ---- | M] (Microsoft Corporation) -- C:\en_office_2003_SP2.exe
[2007/10/04 10:11:14 | 232,350,279 | ---- | M] () -- C:\en_office_2003_std.exe
[2010/08/16 17:57:57 | 3212,107,776 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/06 15:56:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/06 15:56:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/16 17:57:52 | 3525,861,376 | -HS- | M] () -- C:\pagefile.sys
[2009/11/15 21:40:52 | 000,000,281 | ---- | M] () -- C:\[20081211]InternetKit.log

< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/22 21:47:52 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/07/18 19:34:32 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/10/09 10:58:54 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-16 17:17:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP