
Possible Rootkit - persistent trojans


#1 madbob (New Member, 9 posts)
For the past month my Norton antivirus has been picking up threats/trojans during its idle-time scans; they are removed, but then I have a new, different threat/trojan the next day.

I was wondering why Norton was not picking them up to begin with, so 2 days ago I ran HouseCall, and it picked up a couple of rootkit entries, which I removed (before finding this forum, obviously). I thought my problems were over, so I did another scan and found another new trojan in a different location.

I appear to be clean at the moment; can you see anything amiss in these logs?

Here are all my scans:

MBAM didn't appear to find anything.

mbam-log-2010-09-08 (14-21-22).txt

Scan type: Quick scan
Objects scanned: 132737
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

GMER crashed and restarted my PC, but I managed to save this:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 15:15:51
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Trevor\AppData\Local\Temp\fxliipob.sys


---- System - GMER 1.0.15 ----

SSDT 8B08FB68 ZwAlertResumeThread
SSDT 8B08D3D8 ZwAlertThread
SSDT 8B06A5D0 ZwAllocateVirtualMemory
SSDT 8A306708 ZwAlpcConnectPort
SSDT 8B0FE938 ZwAssignProcessToJobObject
SSDT 8B099A90 ZwCreateMutant
SSDT 8B103810 ZwCreateSymbolicLinkObject
SSDT 8A3F62D0 ZwCreateThread
SSDT 8C3D23E8 ZwDebugActiveProcess
SSDT 8B037870 ZwDuplicateObject
SSDT 8B06D930 ZwFreeVirtualMemory
SSDT 8B098B20 ZwImpersonateAnonymousToken
SSDT 8B08A7A0 ZwImpersonateThread
SSDT 8A304C18 ZwLoadDriver
SSDT 8B092068 ZwMapViewOfSection
SSDT 8B09EA30 ZwOpenEvent
SSDT 8B035DF8 ZwOpenProcess
SSDT 8B1473B0 ZwOpenProcessToken
SSDT 8C630D70 ZwOpenSection
SSDT 8B035768 ZwOpenThread
SSDT 8B101918 ZwProtectVirtualMemory
SSDT 8B08EA30 ZwResumeThread
SSDT 8B083708 ZwSetContextThread
SSDT 8B083D30 ZwSetInformationProcess
SSDT 8B0F9F10 ZwSetSystemInformation
SSDT 8C371A90 ZwSuspendProcess
SSDT 8B08B770 ZwSuspendThread
SSDT 8B103118 ZwTerminateProcess
SSDT 8B088420 ZwTerminateThread
SSDT 8B06E8F8 ZwUnmapViewOfSection
SSDT 8B06C328 ZwWriteVirtualMemory
SSDT 8B021908 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F0 81C807FC 4 Bytes CALL 886DD882
.text ntkrnlpa.exe!ZwCallbackReturn + 350 81C8085C 4 Bytes JMP 86D49370
.text ntkrnlpa.exe!ZwCallbackReturn + 478 81C80984 4 Bytes CALL 3A5446AC
.text ntkrnlpa.exe!ZwCallbackReturn + 70C 81C80C18 4 Bytes JMP 9CC78B08
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes CALL 89FF14CE \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation)
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)


OTL scan

OTL logfile created on: 08/09/2010 15:53:30 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Trevor\Desktop\geektogo
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.73 Gb Total Space | 100.10 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.88 Gb Free Space | 13.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TREVOR-PC
Current User Name: Trevor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/08 03:19:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/08/26 13:04:56 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/20 12:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/08 03:19:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/11/02 10:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/21 19:58:12 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/10 02:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 10:32:23 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100907.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 10:32:23 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100907.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 11:44:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 11:44:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 20:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100906.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/16 12:09:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 23:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/03/25 09:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.topcashback.co.uk/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2010/06/02 11:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/01/23 11:11:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 09:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 14:58:09 | 000,000,000 | ---D | M]

[2008/09/02 18:57:05 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Mozilla\Extensions
[2010/09/08 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions
[2010/01/23 23:45:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 11:40:10 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/06/03 09:55:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/03 16:07:24 | 000,001,551 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\searchplugins\swagbuckscom.xml
[2010/08/26 22:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 11:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 22:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/01/15 19:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/02/02 07:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 10:00:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 10:00:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 10:00:01 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 10:00:02 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GSISETUP] E:\Drivers\VOYAGE~2\setup.exe File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/stream.ocx (KooPlayer Control)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/08 14:12:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/08 14:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/08 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Roaming\Malwarebytes
[2010/09/08 13:14:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/08 13:14:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/08 13:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/08 13:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/08 03:08:52 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\geektogo
[2010/08/26 23:01:48 | 001,870,496 | ---- | C] (Trend Micro Inc.) -- C:\Users\Trevor\Desktop\HousecallLauncher.exe
[2010/08/02 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/25 22:50:05 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\HAL 2010 LISTED
[2009/01/08 14:39:36 | 001,443,464 | RHS- | C] (Macromedia, Inc.) -- C:\Program Files\temp.dat

========== Files - Modified Within 90 Days ==========

[2010/09/08 15:53:46 | 003,145,728 | -HS- | M] () -- C:\Users\Trevor\ntuser.dat
[2010/09/08 15:45:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 15:43:16 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:43:16 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:43:07 | 261,275,825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/08 15:43:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/08 15:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 15:42:30 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 15:18:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 14:46:41 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job
[2010/09/08 14:11:24 | 000,000,720 | ---- | M] () -- C:\Users\Trevor\Desktop\ERUNT.lnk
[2010/09/08 13:14:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 12:45:23 | 000,003,830 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2010/09/08 09:10:54 | 003,291,248 | -H-- | M] () -- C:\Users\Trevor\AppData\Local\IconCache.db
[2010/09/03 20:02:03 | 000,000,666 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Trevor.job
[2010/09/03 15:34:54 | 000,026,749 | ---- | M] () -- C:\Users\Trevor\Documents\SI930228314.pdf
[2010/09/03 15:30:15 | 000,005,369 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100903JOKERSCOT_681800_2099.pdf
[2010/08/26 23:03:11 | 000,000,036 | ---- | M] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache
[2010/08/26 23:02:08 | 001,870,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\Trevor\Desktop\HousecallLauncher.exe
[2010/08/23 09:55:02 | 000,000,247 | ---- | M] () -- C:\Windows\win.ini
[2010/08/18 21:40:59 | 000,026,240 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219496.pdf
[2010/08/18 20:58:40 | 000,005,367 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_660875_1682.pdf
[2010/08/18 20:51:08 | 000,025,708 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219412.pdf
[2010/08/18 19:19:55 | 000,025,707 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219352.pdf
[2010/08/18 19:16:40 | 000,005,368 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_670119_1668.pdf
[2010/08/18 13:20:14 | 000,025,361 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_30C0QOB9D.pdf
[2010/08/18 12:32:02 | 000,027,524 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_30C0QM7UN.pdf
[2010/08/16 18:03:09 | 000,025,776 | ---- | M] () -- C:\Users\Trevor\Documents\SI930217887.pdf
[2010/08/05 21:28:07 | 000,026,422 | ---- | M] () -- C:\Users\Trevor\Documents\SI930214216.pdf
[2010/08/05 15:00:36 | 000,025,987 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_2ZZ0VQI08.pdf
[2010/08/04 12:32:08 | 000,005,332 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100804JOKERSCOT__1058.pdf
[2010/08/04 10:52:37 | 000,028,151 | ---- | M] () -- C:\Users\Trevor\Documents\SI930213038.pdf
[2010/08/04 10:49:50 | 000,005,371 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100803JOKERSCOT_612661_1285.pdf
[2010/08/02 15:31:01 | 000,005,366 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100802JOKERSCOT_623540_0997.pdf
[2010/08/02 14:58:10 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/02 14:47:01 | 000,031,985 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_2ZW0VPWMD.pdf
[2010/07/02 11:23:50 | 000,037,888 | ---- | M] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 20:28:44 | 000,027,949 | ---- | M] () -- C:\Users\Trevor\Documents\SI930197408.pdf
[2010/06/28 20:26:09 | 000,005,370 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100628JOKERSCOT_684373_0014.pdf
[2010/06/15 21:53:04 | 000,026,495 | ---- | M] () -- C:\Users\Trevor\Documents\SI930192125.pdf
[2010/06/15 21:47:32 | 000,005,367 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100615JOKERSCOT_665078_9671.pdf

========== Files Created - No Company Name ==========

[2010/09/08 15:42:34 | 261,275,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/08 14:11:24 | 000,000,720 | ---- | C] () -- C:\Users\Trevor\Desktop\ERUNT.lnk
[2010/09/08 13:14:57 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 15:34:53 | 000,026,749 | ---- | C] () -- C:\Users\Trevor\Documents\SI930228314.pdf
[2010/09/03 15:30:11 | 000,005,369 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100903JOKERSCOT_681800_2099.pdf
[2010/08/26 23:03:11 | 000,000,036 | ---- | C] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache
[2010/08/18 21:40:56 | 000,026,240 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219496.pdf
[2010/08/18 20:58:39 | 000,005,367 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_660875_1682.pdf
[2010/08/18 20:51:04 | 000,025,708 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219412.pdf
[2010/08/18 19:19:53 | 000,025,707 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219352.pdf
[2010/08/18 19:16:33 | 000,005,368 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_670119_1668.pdf
[2010/08/18 13:20:12 | 000,025,361 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_30C0QOB9D.pdf
[2010/08/18 12:31:59 | 000,027,524 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_30C0QM7UN.pdf
[2010/08/16 18:02:59 | 000,025,776 | ---- | C] () -- C:\Users\Trevor\Documents\SI930217887.pdf
[2010/08/05 21:28:02 | 000,026,422 | ---- | C] () -- C:\Users\Trevor\Documents\SI930214216.pdf
[2010/08/05 15:00:34 | 000,025,987 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_2ZZ0VQI08.pdf
[2010/08/04 12:32:07 | 000,005,332 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100804JOKERSCOT__1058.pdf
[2010/08/04 10:52:36 | 000,028,151 | ---- | C] () -- C:\Users\Trevor\Documents\SI930213038.pdf
[2010/08/04 10:49:48 | 000,005,371 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100803JOKERSCOT_612661_1285.pdf
[2010/08/02 15:31:00 | 000,005,366 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100802JOKERSCOT_623540_0997.pdf
[2010/08/02 14:58:09 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/02 14:47:00 | 000,031,985 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_2ZW0VPWMD.pdf
[2010/06/28 20:28:34 | 000,027,949 | ---- | C] () -- C:\Users\Trevor\Documents\SI930197408.pdf
[2010/06/28 20:26:00 | 000,005,370 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100628JOKERSCOT_684373_0014.pdf
[2010/06/15 21:53:03 | 000,026,495 | ---- | C] () -- C:\Users\Trevor\Documents\SI930192125.pdf
[2010/06/15 21:47:30 | 000,005,367 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100615JOKERSCOT_665078_9671.pdf
[2009/06/03 19:39:46 | 000,001,159 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2008/09/28 21:43:23 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/09/28 21:43:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/09/20 11:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 11:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 11:27:16 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 11:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 11:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 11:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 11:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 11:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 11:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 11:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 11:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 11:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 11:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 11:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 11:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 11:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 11:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 11:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/20 11:27:16 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/20 11:27:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/06/21 20:25:01 | 000,003,830 | ---- | C] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2007/06/21 20:19:41 | 000,037,888 | ---- | C] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/11 15:22:48 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/04 03:42:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/04/04 02:52:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/04 02:52:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/03/06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/02 14:24:38 | 000,018,944 | R--- | C] () -- C:\Windows\System32\TALDM32A.dll
[2006/05/02 14:24:38 | 000,017,408 | R--- | C] () -- C:\Windows\System32\TALDM32.DLL
[2004/07/09 10:48:12 | 000,070,144 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL

========== LOP Check ==========

[2007/08/06 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\.wyzo
[2009/10/17 22:07:56 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Amazon
[2010/02/06 22:59:57 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/01/10 23:03:41 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Cool Record Edit Pro
[2009/09/29 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\FloodLightGames
[2007/12/25 11:08:10 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Sports Interactive
[2007/06/21 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Template
[2008/09/18 13:08:58 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\WinBatch
[2010/09/08 14:00:44 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/08 14:46:41 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/04/04 03:41:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/08 15:42:30 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2007/06/21 19:28:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/06/21 19:28:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/08 15:42:28 | 1378,615,296 | -HS- | M] () -- C:\pagefile.sys
[2008/09/18 13:11:19 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 09:35:55
< End of report >


OTL Extras logfile created on: 08/09/2010 15:53:30 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Trevor\Desktop\geektogo
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.73 Gb Total Space | 100.10 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.88 Gb Free Space | 13.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TREVOR-PC
Current User Name: Trevor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AF04642-0660-4AA1-AFA6-805A263F93C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56D6C222-B9C7-411C-8990-CF34F42BF9C4}" = lport=23799 | protocol=17 | dir=in | name=bitcomet 23799 udp |
"{579DA89C-3CA4-4C94-8E3A-618A72BCC8C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9216E038-8B35-47A3-9B6C-B6CC45FEF69B}" = lport=23799 | protocol=6 | dir=in | name=bitcomet 23799 tcp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0590774A-78AA-4EB8-BBED-516A2DACAC27}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{10E9C135-DAB9-4C8B-A6E4-10724E5DEE23}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{1988939A-5FDD-4404-BC8B-873913B66443}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1182422047\ee\aolsoftware.exe |
"{3BF4E836-6B91-4E27-B68F-2616A305C28C}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4345CC9F-CAA4-45E9-853B-32DB27CC15FA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4641FE73-4A1B-40E7-8009-462419AEB778}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4C06A7E6-519B-4ADD-A56E-8A781998D7C6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4C27C54D-7725-473A-9034-C8B770909ACB}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{53C1A441-13A9-482E-BEDD-EAB1754F6C5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{56AE0D30-92C2-450C-B511-2D1F59EA6BAD}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{76896AB2-7A90-429D-9A82-E069AC83D119}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{783D5D62-636E-4FB2-BA70-41E3323B98B0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1182422047\ee\aolsoftware.exe |
"{8EBE2E9D-73ED-4017-9910-CBC1EE2F4E7A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9B946B38-9C82-4EF7-975E-C837494C5761}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{A1E60CD3-9DDE-43DD-836E-313121098195}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4086945-0283-44DD-9B31-D7B711D3BAE7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C1F40452-E621-4E52-9EF7-0AA0D3BABCED}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C7509206-3579-471F-8151-1B7187C184E2}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{D0FD07E9-3A89-4819-8014-81F84DF6756C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E0907250-76F2-4353-892C-E09EA4A69CA3}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F728E753-1A11-4CF0-B395-B8617B2B3361}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F97B078A-01B5-43DA-9687-E59CF6F37CE3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DF0102B1-4E96-4953-8625-E73CEBC491E9}" = SmartStamp
"{DF52D335-A00C-45E0-9CC4-6956A1ED892D}" = BTOffer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"Football Manager 2008" = Football Manager 2008
"Google Base Store Connector" = Google Base Store Connector
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{DF0102B1-4E96-4953-8625-E73CEBC491E9}" = SmartStamp
"KeyView for Lotus" = KeyView for Lotus 97
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NIS" = Norton Internet Security
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp (remove only)
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 21:57:34 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10e8 Start Time: 01cb4ef71666a5d7 Termination Time: 60000

Error - 07/09/2010 22:13:34 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1704 Start Time: 01cb4ef9c91e0317 Termination Time: 60000

Error - 07/09/2010 22:23:47 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cdc Start Time: 01cb4efb9a0fdc47 Termination Time: 60000

Error - 08/09/2010 08:33:45 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 710 Start Time: 01cb4f2db98d6667 Termination Time: 3869

Error - 08/09/2010 08:56:17 | Computer Name = Trevor-PC | Source = Google Update | ID = 20
Description =

Error - 08/09/2010 09:04:35 | Computer Name = Trevor-PC | Source = Google Update | ID = 20
Description =

Error - 08/09/2010 09:25:50 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b50 Start Time: 01cb4f5703a21a3a Termination Time: 141

Error - 08/09/2010 09:28:10 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 720 Start Time: 01cb4f55fcc10b5a Termination Time: 0

Error - 08/09/2010 09:56:41 | Computer Name = Trevor-PC | Source = Perflib | ID = 1008
Description =

Error - 08/09/2010 09:56:44 | Computer Name = Trevor-PC | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 08/09/2010 04:12:41 | Computer Name = Trevor-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 08/09/2010 08:53:53 | Computer Name = Trevor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:52:25 on 08/09/2010 was unexpected.

Error - 08/09/2010 09:32:27 | Computer Name = Trevor-PC | Source = DCOM | ID = 10010
Description =

Error - 08/09/2010 09:43:31 | Computer Name = Trevor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:41:33 on 08/09/2010 was unexpected.

Error - 08/09/2010 09:43:33 | Computer Name = TREVOR-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 001921D7F328 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 08/09/2010 09:45:12 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 08/09/2010 09:45:12 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08/09/2010 09:45:49 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 08/09/2010 10:42:34 | Computer Name = Trevor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:40:26 on 08/09/2010 was unexpected.

Error - 08/09/2010 10:45:01 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


#2
MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, madbob

Welcome to Geeks to Go! :)

My name is Maria Cristina and I will be helping you. I will be back as soon as possible, as each reply must be approved by a resident expert before I can be allowed to post it to you.
  • Please, be patient. Do not try to fix your malware issues by yourself. You should only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyze and fix your PC in the long run.
  • Do not ask for help in other forums. Trying to follow more than one procedure at the same time can cause a lot of issues.
  • POST your logs, do not attach them, as it makes it harder to read.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.
  • I suggest you subscribe to this thread by clicking My Settings at the top of this page.

    You should click Notification Options and check the option Watch every topic I reply to - If enabled, choose default notification type: and set your desired notification type.


Delete OTL.exe and download it again. This is to ensure you have the newer version.
Save it to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.

    ** Windows Vista and Windows 7 users:
    Right-click on the file, then choose the Run as admin option.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\drivers\*.* /90
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, this time it will open just OTL.Txt. It is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here in a new reply.

Next:

Download RootRepeal from one of the following locations and save it to your desktop:

Link 1
Link 2
Link 3
  • Double click the RootRepeal icon to start the program.

    ** Windows Vista and Windows 7 users:
    Right-click on the file, then choose the Run as admin option.
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, click Save Report and save the report to your Desktop as RootRepeal.txt
  • Go to the File menu, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

:)
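The custom scan above narrows the driver listing with a 90-day age limit (the /90 switch; the log header shows it as "File Age = 90 Days"), and a helper then reads the PRC/SRV/DRV lines for orphaned entries and files carrying no company name. As an added example, not OTL's own code and not something posted by anyone in this thread, the Python below parses entry lines in the format OTL writes and applies those three checks. The sample lines are constructed in that format from entries quoted in this thread, and the scan time is taken from the "Run 2" log header.

```python
"""Triage helper for the PRC/SRV/DRV lines in an OTL log.

Added example for this thread: not OTL's code and not posted by anyone here.
It parses entry lines in the format OTL writes and applies the checks a
helper reads the log for by eye.
"""
import re
from datetime import datetime, timedelta

# Shape of an OTL entry line (the two forms seen in the logs):
#   DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Company) [Kernel | System | Running] -- C:\path\file.sys -- (Name) optional description
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\path\file.sys -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-\w]{4}) \| \w\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# "OTL logfile created on: 15/09/2010 23:40:30" from the Run 2 log header
SCAN_TIME = datetime(2010, 9, 15, 23, 40, 30)

# Constructed sample: a few lines in OTL's format built from entries quoted in
# this thread, plus a section header the parser must ignore.
SAMPLE_LOG = r"""PRC - [2010/09/15 23:31:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
PRC - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
========== Standard Registry (SafeList) ==========
"""
LINES = SAMPLE_LOG.splitlines()


def parse_entry(line):
    """Parse one OTL entry line; returns a dict, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    stamp, size = m.group("stamp"), m.group("size")
    return {
        "kind": m.group("kind"),
        "missing": m.group("missing") is not None,
        "modified": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S") if stamp else None,
        "size": int(size.replace(",", "")) if size else None,
        "company": (m.group("company") or "").strip(),
        "flags": [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()],
        "path": m.group("path").strip(),
        "name": m.group("name"),
    }


def triage(lines, scan_time=SCAN_TIME, max_age_days=90):
    """Return {path: [reasons]} for the entries a helper would look at first.

    Checks: entries whose file is gone from disk, files with no company name
    in their version info, and files modified inside the same 90-day window
    the custom scan's /90 age limit uses.
    """
    cutoff = scan_time - timedelta(days=max_age_days)
    findings = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("orphaned entry: file not found on disk")
        else:
            if not entry["company"]:
                reasons.append("no company name in version info")
            if entry["modified"] >= cutoff:
                reasons.append("modified within the last %d days" % max_age_days)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it prints the flagged paths with their reasons. On the constructed sample that is OTL.exe (just modified, as the tool itself always will be), CSHelper.exe (empty company field) and nwlnkfwd.sys (file not found); the Symantec and Panda drivers produce nothing. A hit is only a reason to look closer, not a verdict: the checks mirror what a helper scans for, and a real log still needs the whitelisting judgment the thread's volunteers apply.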

#3
madbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for your help, but the RootRepeal scan is telling me I have an error and is refusing to run.

The error code is below:

00:24:18: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)
00:24:18: DeviceIoControl Error! Error Code = 0x1e7
00:24:18: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)



Here are the details of my new OTL scan:


OTL logfile created on: 15/09/2010 23:40:30 - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Trevor\Desktop\geektogo
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 13.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.73 Gb Total Space | 98.63 Gb Free Space | 69.11% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.88 Gb Free Space | 13.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TREVOR-PC
Current User Name: Trevor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/15 23:31:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
PRC - [2010/09/09 09:36:03 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/08/26 13:04:56 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/22 12:05:24 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\shellmon.exe
PRC - [2006/11/20 12:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe
PRC - [2006/11/10 13:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/15 23:31:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/11/02 10:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/21 19:58:12 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/31 23:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 10:32:23 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100915.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 10:32:23 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100915.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 11:44:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 11:44:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 20:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100910.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/16 12:09:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 23:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/03/25 09:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.topcashback.co.uk/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2010/06/02 11:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/01/23 11:11:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 09:36:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 09:36:23 | 000,000,000 | ---D | M]

[2008/09/02 18:57:05 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Mozilla\Extensions
[2010/09/15 00:19:54 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions
[2010/01/23 23:45:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 11:40:10 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/06/03 09:55:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/10 22:04:05 | 000,001,551 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\searchplugins\swagbuckscom.xml
[2010/08/26 22:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 11:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 22:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/01/15 19:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/02/02 07:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 10:00:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 10:00:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 10:00:01 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 10:00:02 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GSISETUP] E:\Drivers\VOYAGE~2\setup.exe File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/stream.ocx (KooPlayer Control)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 92.31.242.20 92.31.242.21
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 00:26:18 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/09/10 00:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/09/10 00:00:45 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Pavark
[2010/09/08 14:12:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/08 14:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/08 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Roaming\Malwarebytes
[2010/09/08 13:14:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/08 13:14:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/08 13:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/08 13:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/08 03:08:52 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\geektogo
[2010/08/26 23:01:48 | 001,870,496 | ---- | C] (Trend Micro Inc.) -- C:\Users\Trevor\Desktop\HousecallLauncher.exe
[2010/08/02 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/25 22:50:05 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\HAL 2010 LISTED
[2009/01/08 14:39:36 | 001,443,464 | RHS- | C] (Macromedia, Inc.) -- C:\Program Files\temp.dat

========== Files - Modified Within 90 Days ==========

[2010/09/15 23:49:23 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 23:49:23 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 23:40:35 | 003,145,728 | -HS- | M] () -- C:\Users\Trevor\ntuser.dat
[2010/09/15 23:18:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 20:10:52 | 000,003,830 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2010/09/15 19:35:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job
[2010/09/15 08:49:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/15 08:49:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/15 08:49:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/15 08:49:10 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 03:00:41 | 003,274,299 | -H-- | M] () -- C:\Users\Trevor\AppData\Local\IconCache.db
[2010/09/10 20:14:21 | 000,000,666 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Trevor.job
[2010/09/08 15:43:07 | 261,275,825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/08 14:11:24 | 000,000,720 | ---- | M] () -- C:\Users\Trevor\Desktop\ERUNT.lnk
[2010/09/08 13:14:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 15:34:54 | 000,026,749 | ---- | M] () -- C:\Users\Trevor\Documents\SI930228314.pdf
[2010/09/03 15:30:15 | 000,005,369 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100903JOKERSCOT_681800_2099.pdf
[2010/08/26 23:03:11 | 000,000,036 | ---- | M] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache
[2010/08/26 23:02:08 | 001,870,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\Trevor\Desktop\HousecallLauncher.exe
[2010/08/23 09:55:02 | 000,000,247 | ---- | M] () -- C:\Windows\win.ini
[2010/08/18 21:40:59 | 000,026,240 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219496.pdf
[2010/08/18 20:58:40 | 000,005,367 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_660875_1682.pdf
[2010/08/18 20:51:08 | 000,025,708 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219412.pdf
[2010/08/18 19:19:55 | 000,025,707 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219352.pdf
[2010/08/18 19:16:40 | 000,005,368 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_670119_1668.pdf
[2010/08/18 13:20:14 | 000,025,361 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_30C0QOB9D.pdf
[2010/08/18 12:32:02 | 000,027,524 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_30C0QM7UN.pdf
[2010/08/16 18:03:09 | 000,025,776 | ---- | M] () -- C:\Users\Trevor\Documents\SI930217887.pdf
[2010/08/05 21:28:07 | 000,026,422 | ---- | M] () -- C:\Users\Trevor\Documents\SI930214216.pdf
[2010/08/05 15:00:36 | 000,025,987 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_2ZZ0VQI08.pdf
[2010/08/04 12:32:08 | 000,005,332 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100804JOKERSCOT__1058.pdf
[2010/08/04 10:52:37 | 000,028,151 | ---- | M] () -- C:\Users\Trevor\Documents\SI930213038.pdf
[2010/08/04 10:49:50 | 000,005,371 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100803JOKERSCOT_612661_1285.pdf
[2010/08/02 15:31:01 | 000,005,366 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100802JOKERSCOT_623540_0997.pdf
[2010/08/02 14:58:10 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/02 14:47:01 | 000,031,985 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_2ZW0VPWMD.pdf
[2010/07/02 11:23:50 | 000,037,888 | ---- | M] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 20:28:44 | 000,027,949 | ---- | M] () -- C:\Users\Trevor\Documents\SI930197408.pdf
[2010/06/28 20:26:09 | 000,005,370 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100628JOKERSCOT_684373_0014.pdf

========== Files Created - No Company Name ==========

[2010/09/08 15:42:34 | 261,275,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/08 14:11:24 | 000,000,720 | ---- | C] () -- C:\Users\Trevor\Desktop\ERUNT.lnk
[2010/09/08 13:14:57 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 15:34:53 | 000,026,749 | ---- | C] () -- C:\Users\Trevor\Documents\SI930228314.pdf
[2010/09/03 15:30:11 | 000,005,369 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100903JOKERSCOT_681800_2099.pdf
[2010/08/26 23:03:11 | 000,000,036 | ---- | C] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache
[2010/08/18 21:40:56 | 000,026,240 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219496.pdf
[2010/08/18 20:58:39 | 000,005,367 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_660875_1682.pdf
[2010/08/18 20:51:04 | 000,025,708 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219412.pdf
[2010/08/18 19:19:53 | 000,025,707 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219352.pdf
[2010/08/18 19:16:33 | 000,005,368 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_670119_1668.pdf
[2010/08/18 13:20:12 | 000,025,361 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_30C0QOB9D.pdf
[2010/08/18 12:31:59 | 000,027,524 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_30C0QM7UN.pdf
[2010/08/16 18:02:59 | 000,025,776 | ---- | C] () -- C:\Users\Trevor\Documents\SI930217887.pdf
[2010/08/05 21:28:02 | 000,026,422 | ---- | C] () -- C:\Users\Trevor\Documents\SI930214216.pdf
[2010/08/05 15:00:34 | 000,025,987 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_2ZZ0VQI08.pdf
[2010/08/04 12:32:07 | 000,005,332 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100804JOKERSCOT__1058.pdf
[2010/08/04 10:52:36 | 000,028,151 | ---- | C] () -- C:\Users\Trevor\Documents\SI930213038.pdf
[2010/08/04 10:49:48 | 000,005,371 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100803JOKERSCOT_612661_1285.pdf
[2010/08/02 15:31:00 | 000,005,366 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100802JOKERSCOT_623540_0997.pdf
[2010/08/02 14:58:09 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/02 14:47:00 | 000,031,985 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_2ZW0VPWMD.pdf
[2010/06/28 20:28:34 | 000,027,949 | ---- | C] () -- C:\Users\Trevor\Documents\SI930197408.pdf
[2010/06/28 20:26:00 | 000,005,370 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100628JOKERSCOT_684373_0014.pdf
[2009/06/03 19:39:46 | 000,001,159 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2008/09/28 21:43:23 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/09/28 21:43:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/09/20 11:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 11:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 11:27:16 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 11:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 11:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 11:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 11:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 11:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 11:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 11:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 11:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 11:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 11:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 11:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 11:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 11:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 11:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 11:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/20 11:27:16 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/20 11:27:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/06/21 20:25:01 | 000,003,830 | ---- | C] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2007/06/21 20:19:41 | 000,037,888 | ---- | C] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/11 15:22:48 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/04 03:42:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/04/04 02:52:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/04 02:52:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/03/06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/02 14:24:38 | 000,018,944 | R--- | C] () -- C:\Windows\System32\TALDM32A.dll
[2006/05/02 14:24:38 | 000,017,408 | R--- | C] () -- C:\Windows\System32\TALDM32.DLL
[2004/07/09 10:48:12 | 000,070,144 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL

========== LOP Check ==========

[2007/08/06 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\.wyzo
[2009/10/17 22:07:56 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Amazon
[2010/02/06 22:59:57 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/01/10 23:03:41 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Cool Record Edit Pro
[2009/09/29 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\FloodLightGames
[2007/12/25 11:08:10 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Sports Interactive
[2007/06/21 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Template
[2008/09/18 13:08:58 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\WinBatch
[2010/09/15 03:02:40 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/15 19:35:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/04/04 03:41:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/15 08:49:10 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2007/06/21 19:28:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/06/21 19:28:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/15 08:49:09 | 1378,615,296 | -HS- | M] () -- C:\pagefile.sys
[2008/09/18 13:11:19 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\drivers\*.* /90 >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/06 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8O.DLL
[2006/11/06 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8O.DLL
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/13 13:52:55 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/01/08 14:39:36 | 001,443,464 | RHS- | M] (Macromedia, Inc.) -- C:\Program Files\temp.dat

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-10 08:34:01
< End of report >
  • 0

#4
MariaCristina
    Visiting Staff
  • Visiting Consultant
  • 277 posts
Hello, madbob.

My apologies about my delay. My little girl was a little sickly this weekend.

Let's go:

Select these lines in red below, then right-click on the selection and choose Copy:


:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [GSISETUP] E:\Drivers\VOYAGE~2\setup.exe File not found

:commands
[createrestorepoint]
[emptytemp]
[emptyflash]
[purity]


Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click on the file then choose Run as admin option.

Right-click on any blank part under Custom Scans/Fixes then click on Paste

Close ALL open windows except OTL.

Click on Fix button.

The tool will run the script and will ask to reboot your system. Allow it.

When back in Windows, OTL will run automatically. Allow it, if asked.

A notepad window will be shown, with some data.
Copy ALL (edit > select all > copy) its contents and paste here in a new reply.

This log will be saved in the C:\_OTL\MovedFiles folder, named date_time.log.

e.g. 03142010_145545.log

Next:

Please, download Kaspersky AVP Tool from one of these two links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Save it in your desktop.

Double-click the file and follow the prompts. Once it finishes, open the Virus Removal Tool folder. It will be created in the same directory where you saved the setup file.

To run the tool, just double-click its shortcut.

Make sure these options are checked:
  • Computer
  • Local Disk (C:)
Also tick any other disks/removable drives that appear under Local Disk, if they exist.

Hit the Start button to begin the scan.

Be patient, it will take a while.

When the scan is complete, if it finds something it will ask you what to do. Click Skip (we only want the log).

Note: You may have to click Skip several times if the tool finds multiple files, so be patient. You may want to tick the checkbox "Apply to all objects" when you click the "Skip" option.

While running the scan, the button Scan will change to a red icon.

When the scan is complete, the button will change back to a green icon.

Click the Report button.

Then click the plus sign + next to the last Autoscan in the list (the most recent) to expand it.

Click once on Task Started to select it, hold the Shift key and click on Task Completed to select this range.

Right-click the selection, then click Copy.

Open Notepad, then go to the menu Edit > Paste.

Name it log.txt and save it on your desktop.

Copy all its contents and paste them in your next reply.

After that, if you want to uninstall the tool:

Close all open windows and save all that you want.
Go to the folder Virus Removal Tool and run the file unins000.exe
Follow the prompts.

Your computer will be rebooted.

Let me know how your machine is running now. Is your AV still advising about new trojans? If yes, please tell me their names and paths.

:D
  • 0
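A small triage script, added here as an example and not part of this thread or of OTL itself: it parses the two OTL line shapes that appear above (the bracketed file-listing entries and the O4 autostart entries), flags orphaned autostart values exactly the way the fix script above does, and lists recently created executables under System32 with no company name, which is the kind of entry a helper reads closely. The regular expressions, the 90-day window, the IgfxTray line and example_unknown.sys are this example's own constructed assumptions.

```python
"""Triage helper for OTL log lines (added example; regexes and thresholds are assumptions)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# File-listing lines: [date time | size | attrs | C/M] (Company) -- path
# Company is absent for directories and "()" for files with no version info.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?"
    r"-- (?P<path>.+?)\s*$"
)
# Autostart lines: O4 - HKLM..\Run: [ValueName] target (Company)   or   ... File not found
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")

FLAGGED_EXT = (".sys", ".dll", ".exe")
REPORT_DATE = datetime(2010, 9, 15)   # date the log above was taken (assumption from its entries)


@dataclass
class FileEntry:
    created: datetime
    size: int
    attrs: str               # e.g. "-HS-" = hidden + system
    kind: str                # C = created-within listing, M = modified-within listing
    company: Optional[str]   # None for directories, "" when the file has no version info
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        created=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"],
    )


def find_orphan_autostarts(lines) -> List[str]:
    """O4 entries whose target no longer exists: the removal candidates from the fix above."""
    return [ln.strip() for ln in lines
            if (m := O4_RE.match(ln.strip())) and m["rest"].endswith("File not found")]


def find_unsigned_system_files(lines, since: datetime) -> List[FileEntry]:
    """Executables created under System32 since `since` that carry no company name."""
    hits = []
    for line in lines:
        e = parse_file_entry(line)
        if e is None or e.kind != "C" or e.created < since:
            continue
        low = e.path.lower()
        if low.startswith("c:\\windows\\system32\\") and low.endswith(FLAGGED_EXT) and e.company == "":
            hits.append(e)
    return hits


def build_otl_fix(orphans) -> str:
    """Emit an OTL fix script in the shape the helper posted (:OTL block plus :commands)."""
    body = "\n".join(orphans)
    return f":OTL\n{body}\n\n:commands\n[createrestorepoint]\n[emptytemp]\n[emptyflash]\n[purity]"


def triage(lines, report_date: datetime = REPORT_DATE, window_days: int = 90) -> Tuple[List[str], List[FileEntry]]:
    """Return (orphaned autostart lines, unsigned System32 executables created in the window)."""
    since = report_date - timedelta(days=window_days)
    return find_orphan_autostarts(lines), find_unsigned_system_files(lines, since)


# Constructed sample: lines taken from the log above plus two invented ones
# (the IgfxTray entry and example_unknown.sys) to show a negative and a positive case.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [GSISETUP] E:\Drivers\VOYAGE~2\setup.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
[2010/09/10 00:26:18 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/09/10 00:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/09/08 15:42:34 | 261,275,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/07 02:11:09 | 000,045,056 | -HS- | C] () -- C:\Windows\System32\drivers\example_unknown.sys
[2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
""".strip().splitlines()

if __name__ == "__main__":
    orphans, suspects = triage(SAMPLE_LOG)
    print(build_otl_fix(orphans))
    for e in suspects:
        print(f"REVIEW: {e.path} created {e.created:%Y-%m-%d} attrs={e.attrs} size={e.size}")
```

The signed Panda driver, the directory entry, the memory dump and the 2009 zlib1.dll all fall through the filters; only the hidden, unsigned, recently created example driver is reported for review.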

#5
madbob
    New Member
  • Topic Starter
  • Member
  • Pip
  • 9 posts
Seems to be running fine and no new viruses - thanks for your help

Nothing showed up on the Kaspersky scan, here is my new OTL scan

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GSISETUP deleted successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Trevor
->Temp folder emptied: 82135184 bytes
->Temporary Internet Files folder emptied: 33148378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91126503 bytes
->Flash cache emptied: 26160 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 191432 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 197.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Trevor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09212010_190342

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#6
MariaCristina
    Visiting Staff
  • Visiting Consultant
  • 277 posts
Hello, madbob

Your log looks clean!

Run OTL.exe and click on Cleanup button.
You will be prompted to restart your computer. Allow it.

Now that your log looks clean, I have included below a number of recommendations regarding maintenance, in order to get your system running fine, and on how to protect your computer against malware infections.

Maintenance
When you delete a file or uninstall a program, Windows frees the space it was occupying for new writes. When this happens many times, your HD ends up with many empty spaces in the middle of occupied ones.

In order to save a file, Windows puts it in the first free space it finds. But often the new file does not fit in the first space found. In these cases, Windows records a part of the new file and looks for another space to save the rest of the file.

Thus, the new file or program is divided into several parts separated from each other: it is "fragmented". Consequence: when you have to open that file or program, Windows has to go from one place to another on the hard disk to gather the various parts, which makes opening the file slower.

Therefore, from time to time you need a disk defragmenter. Windows has a built-in defragmenter, but I suggest Puran Disc Defragmenter.

Just download it, install it and run it.

TFC - Temp File Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Security

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Malwarebytes' Anti-Malware - In its commercial version it offers realtime protection from spyware and trojan installation attempts and blocks access to known malicious IPs. In its free version, it has no real time protection, but you are allowed to manually update it and run a scan. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    Update Java.
    Old Java versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest Java Runtime Environment (JRE) 6u21 version.
    • Look for "Java Runtime Environment (JRE) 6update21".
    • Click the Download JRE button.
    • Tick the option Accept License Agreement.
    • The page will be refreshed.
    • Click the link to download Windows Offline Installation, Multi-language jre-6u21-windows-i586.exe and save it to your desktop.
    • Close any open windows and programs (browsers mainly).
    • Go to Control Panel > Add/Remove Programs and uninstall all the old Java versions.
      Old version examples:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item with the name "Java Runtime Environment (JRE or J2SE)".
    • Click the Remove or Change/Remove button.
    • Repeat it as many times as you need to remove each old Java version.
    • When all the Java versions have been removed, restart your computer.
    • Now, go to your desktop, and run jre-6u21-windows-i586-p.exe to install the latest version.

    Click here to update Adobe Reader.
    Old versions have vulnerabilities that could allow an attacker who successfully exploits them to take control of the affected system.
  • Criminals constantly exploit flaws in popular programs in order to redirect such programs to execute some malicious file. Therefore it is imperative to keep ALL your programs updated, especially the browser's components, such as Java, Flash and Shockwave Player, the PDF reader, media players' extensions and so on.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls
  • I highly recommend these FireFox add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • USB worms: This kind of malware exploits a built-in Windows feature called Autoplay (when you plug in or insert some media in your CD drive or USB port, it asks you what you want to do). The Autoplay feature needs a file called autorun.inf to work. There are two procedures you can perform to reduce the risk of having your system infected:

    Disable the Autoplay feature:
    http://go.microsoft....?linkid=9741395

    Keep a clean and protected autorun.inf file on all removable media and system partitions. This way, in case you plug your flash drive into some infected machine, the worm will not be able to overwrite the pre-existing file. But it will be able to write a copy of its other malicious files, such as .exe, .scr, .cmd, .pif. If you plug this flash drive into a clean machine and run one of those malicious files, that system will be infected as well. Be careful!

    For Windows XP:

    Download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Insert all your removable devices into USB ports (such as memory sticks from cell phones and cameras, and flash drives). Save what you need, EXCEPT executable files such as .exe, .pif, .cmd, .bat, .scr, .com, then format the removable devices: in the My Computer window, right-click the desired drive icon and choose the "Format" option.
    • Double-click Flash_Disinfector.exe.
    • Follow the prompts.
    • When its scan is complete, close the tool and unplug the removable devices.

    For Windows Vista and 7:
    http://research.pand...utorun-vaccine/
  • Again: Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.


Thank you for your patience, and performing all of the procedures requested.

:D
  • 0
