I was wondering why Norton was not picking them up to begin with, so 2 days ago I ran Housecall and it picked up a couple of rootkit entries - which I removed (before finding this forum, obviously). I thought my problems were over, so I did another scan and found another new trojan in a different location.
I appear to be clean at the moment. Can you see anything amiss from these logs?
Here are all my scans:
MBAM didn't appear to find anything:
mbam-log-2010-09-08 (14-21-22).txt
Scan type: Quick scan
Objects scanned: 132737
Time elapsed: 8 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
GMER crashed and restarted my PC, but I managed to save this:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 15:15:51
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Trevor\AppData\Local\Temp\fxliipob.sys
---- System - GMER 1.0.15 ----
SSDT 8B08FB68 ZwAlertResumeThread
SSDT 8B08D3D8 ZwAlertThread
SSDT 8B06A5D0 ZwAllocateVirtualMemory
SSDT 8A306708 ZwAlpcConnectPort
SSDT 8B0FE938 ZwAssignProcessToJobObject
SSDT 8B099A90 ZwCreateMutant
SSDT 8B103810 ZwCreateSymbolicLinkObject
SSDT 8A3F62D0 ZwCreateThread
SSDT 8C3D23E8 ZwDebugActiveProcess
SSDT 8B037870 ZwDuplicateObject
SSDT 8B06D930 ZwFreeVirtualMemory
SSDT 8B098B20 ZwImpersonateAnonymousToken
SSDT 8B08A7A0 ZwImpersonateThread
SSDT 8A304C18 ZwLoadDriver
SSDT 8B092068 ZwMapViewOfSection
SSDT 8B09EA30 ZwOpenEvent
SSDT 8B035DF8 ZwOpenProcess
SSDT 8B1473B0 ZwOpenProcessToken
SSDT 8C630D70 ZwOpenSection
SSDT 8B035768 ZwOpenThread
SSDT 8B101918 ZwProtectVirtualMemory
SSDT 8B08EA30 ZwResumeThread
SSDT 8B083708 ZwSetContextThread
SSDT 8B083D30 ZwSetInformationProcess
SSDT 8B0F9F10 ZwSetSystemInformation
SSDT 8C371A90 ZwSuspendProcess
SSDT 8B08B770 ZwSuspendThread
SSDT 8B103118 ZwTerminateProcess
SSDT 8B088420 ZwTerminateThread
SSDT 8B06E8F8 ZwUnmapViewOfSection
SSDT 8B06C328 ZwWriteVirtualMemory
SSDT 8B021908 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0 81C807FC 4 Bytes CALL 886DD882
.text ntkrnlpa.exe!ZwCallbackReturn + 350 81C8085C 4 Bytes JMP 86D49370
.text ntkrnlpa.exe!ZwCallbackReturn + 478 81C80984 4 Bytes CALL 3A5446AC
.text ntkrnlpa.exe!ZwCallbackReturn + 70C 81C80C18 4 Bytes JMP 9CC78B08
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes CALL 89FF14CE \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation)
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
OTL scan:
OTL logfile created on: 08/09/2010 15:53:30 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Trevor\Desktop\geektogo
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,015.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.73 Gb Total Space | 100.10 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.88 Gb Free Space | 13.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TREVOR-PC
Current User Name: Trevor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/08 03:19:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/08/26 13:04:56 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/20 12:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
========== Modules (SafeList) ==========
MOD - [2010/09/08 03:19:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\geektogo\OTL.exe
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/11/02 10:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/21 19:58:12 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/10 02:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 10:32:23 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100907.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 10:32:23 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100907.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 11:44:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 11:44:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 20:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100906.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/16 12:09:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 23:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/03/25 09:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.topcashback.co.uk/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2010/06/02 11:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/01/23 11:11:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 09:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 14:58:09 | 000,000,000 | ---D | M]
[2008/09/02 18:57:05 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Mozilla\Extensions
[2010/09/08 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions
[2010/01/23 23:45:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 11:40:10 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/06/03 09:55:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/03 16:07:24 | 000,001,551 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\searchplugins\swagbuckscom.xml
[2010/08/26 22:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 11:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 22:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/01/15 19:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/02/02 07:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 10:00:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 10:00:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 10:00:01 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 10:00:02 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GSISETUP] E:\Drivers\VOYAGE~2\setup.exe File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/stream.ocx (KooPlayer Control)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/09/08 14:12:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/08 14:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/08 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Roaming\Malwarebytes
[2010/09/08 13:14:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/08 13:14:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/08 13:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/08 13:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/08 03:08:52 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\geektogo
[2010/08/26 23:01:48 | 001,870,496 | ---- | C] (Trend Micro Inc.) -- C:\Users\Trevor\Desktop\HousecallLauncher.exe
[2010/08/02 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/25 22:50:05 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\HAL 2010 LISTED
[2009/01/08 14:39:36 | 001,443,464 | RHS- | C] (Macromedia, Inc.) -- C:\Program Files\temp.dat
========== Files - Modified Within 90 Days ==========
[2010/09/08 15:53:46 | 003,145,728 | -HS- | M] () -- C:\Users\Trevor\ntuser.dat
[2010/09/08 15:45:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 15:43:16 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:43:16 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:43:07 | 261,275,825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/08 15:43:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/08 15:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 15:42:30 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 15:18:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 14:46:41 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job
[2010/09/08 14:11:24 | 000,000,720 | ---- | M] () -- C:\Users\Trevor\Desktop\ERUNT.lnk
[2010/09/08 13:14:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 12:45:23 | 000,003,830 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2010/09/08 09:10:54 | 003,291,248 | -H-- | M] () -- C:\Users\Trevor\AppData\Local\IconCache.db
[2010/09/03 20:02:03 | 000,000,666 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Trevor.job
[2010/09/03 15:34:54 | 000,026,749 | ---- | M] () -- C:\Users\Trevor\Documents\SI930228314.pdf
[2010/09/03 15:30:15 | 000,005,369 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100903JOKERSCOT_681800_2099.pdf
[2010/08/26 23:03:11 | 000,000,036 | ---- | M] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache
[2010/08/26 23:02:08 | 001,870,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\Trevor\Desktop\HousecallLauncher.exe
[2010/08/23 09:55:02 | 000,000,247 | ---- | M] () -- C:\Windows\win.ini
[2010/08/18 21:40:59 | 000,026,240 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219496.pdf
[2010/08/18 20:58:40 | 000,005,367 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_660875_1682.pdf
[2010/08/18 20:51:08 | 000,025,708 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219412.pdf
[2010/08/18 19:19:55 | 000,025,707 | ---- | M] () -- C:\Users\Trevor\Documents\SI930219352.pdf
[2010/08/18 19:16:40 | 000,005,368 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_670119_1668.pdf
[2010/08/18 13:20:14 | 000,025,361 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_30C0QOB9D.pdf
[2010/08/18 12:32:02 | 000,027,524 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_30C0QM7UN.pdf
[2010/08/16 18:03:09 | 000,025,776 | ---- | M] () -- C:\Users\Trevor\Documents\SI930217887.pdf
[2010/08/05 21:28:07 | 000,026,422 | ---- | M] () -- C:\Users\Trevor\Documents\SI930214216.pdf
[2010/08/05 15:00:36 | 000,025,987 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_2ZZ0VQI08.pdf
[2010/08/04 12:32:08 | 000,005,332 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100804JOKERSCOT__1058.pdf
[2010/08/04 10:52:37 | 000,028,151 | ---- | M] () -- C:\Users\Trevor\Documents\SI930213038.pdf
[2010/08/04 10:49:50 | 000,005,371 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100803JOKERSCOT_612661_1285.pdf
[2010/08/02 15:31:01 | 000,005,366 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100802JOKERSCOT_623540_0997.pdf
[2010/08/02 14:58:10 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/02 14:47:01 | 000,031,985 | ---- | M] () -- C:\Users\Trevor\Documents\FWORD_2ZW0VPWMD.pdf
[2010/07/02 11:23:50 | 000,037,888 | ---- | M] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 20:28:44 | 000,027,949 | ---- | M] () -- C:\Users\Trevor\Documents\SI930197408.pdf
[2010/06/28 20:26:09 | 000,005,370 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100628JOKERSCOT_684373_0014.pdf
[2010/06/15 21:53:04 | 000,026,495 | ---- | M] () -- C:\Users\Trevor\Documents\SI930192125.pdf
[2010/06/15 21:47:32 | 000,005,367 | ---- | M] () -- C:\Users\Trevor\Documents\RCPT20100615JOKERSCOT_665078_9671.pdf
========== Files Created - No Company Name ==========
[2010/09/08 15:42:34 | 261,275,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/08 14:11:24 | 000,000,720 | ---- | C] () -- C:\Users\Trevor\Desktop\ERUNT.lnk
[2010/09/08 13:14:57 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 15:34:53 | 000,026,749 | ---- | C] () -- C:\Users\Trevor\Documents\SI930228314.pdf
[2010/09/03 15:30:11 | 000,005,369 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100903JOKERSCOT_681800_2099.pdf
[2010/08/26 23:03:11 | 000,000,036 | ---- | C] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache
[2010/08/18 21:40:56 | 000,026,240 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219496.pdf
[2010/08/18 20:58:39 | 000,005,367 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_660875_1682.pdf
[2010/08/18 20:51:04 | 000,025,708 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219412.pdf
[2010/08/18 19:19:53 | 000,025,707 | ---- | C] () -- C:\Users\Trevor\Documents\SI930219352.pdf
[2010/08/18 19:16:33 | 000,005,368 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100818JOKERSCOT_670119_1668.pdf
[2010/08/18 13:20:12 | 000,025,361 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_30C0QOB9D.pdf
[2010/08/18 12:31:59 | 000,027,524 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_30C0QM7UN.pdf
[2010/08/16 18:02:59 | 000,025,776 | ---- | C] () -- C:\Users\Trevor\Documents\SI930217887.pdf
[2010/08/05 21:28:02 | 000,026,422 | ---- | C] () -- C:\Users\Trevor\Documents\SI930214216.pdf
[2010/08/05 15:00:34 | 000,025,987 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_2ZZ0VQI08.pdf
[2010/08/04 12:32:07 | 000,005,332 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100804JOKERSCOT__1058.pdf
[2010/08/04 10:52:36 | 000,028,151 | ---- | C] () -- C:\Users\Trevor\Documents\SI930213038.pdf
[2010/08/04 10:49:48 | 000,005,371 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100803JOKERSCOT_612661_1285.pdf
[2010/08/02 15:31:00 | 000,005,366 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100802JOKERSCOT_623540_0997.pdf
[2010/08/02 14:58:09 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/02 14:47:00 | 000,031,985 | ---- | C] () -- C:\Users\Trevor\Documents\FWORD_2ZW0VPWMD.pdf
[2010/06/28 20:28:34 | 000,027,949 | ---- | C] () -- C:\Users\Trevor\Documents\SI930197408.pdf
[2010/06/28 20:26:00 | 000,005,370 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100628JOKERSCOT_684373_0014.pdf
[2010/06/15 21:53:03 | 000,026,495 | ---- | C] () -- C:\Users\Trevor\Documents\SI930192125.pdf
[2010/06/15 21:47:30 | 000,005,367 | ---- | C] () -- C:\Users\Trevor\Documents\RCPT20100615JOKERSCOT_665078_9671.pdf
[2009/06/03 19:39:46 | 000,001,159 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2008/09/28 21:43:23 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/09/28 21:43:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/09/20 11:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 11:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 11:27:16 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 11:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 11:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 11:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 11:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 11:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 11:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 11:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 11:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 11:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 11:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 11:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 11:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 11:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 11:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 11:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/20 11:27:16 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/20 11:27:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/06/21 20:25:01 | 000,003,830 | ---- | C] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2007/06/21 20:19:41 | 000,037,888 | ---- | C] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/11 15:22:48 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/04 03:42:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/04/04 02:52:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/04 02:52:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/03/06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/02 14:24:38 | 000,018,944 | R--- | C] () -- C:\Windows\System32\TALDM32A.dll
[2006/05/02 14:24:38 | 000,017,408 | R--- | C] () -- C:\Windows\System32\TALDM32.DLL
[2004/07/09 10:48:12 | 000,070,144 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
========== LOP Check ==========
[2007/08/06 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\.wyzo
[2009/10/17 22:07:56 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Amazon
[2010/02/06 22:59:57 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/01/10 23:03:41 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Cool Record Edit Pro
[2009/09/29 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\FloodLightGames
[2007/12/25 11:08:10 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Sports Interactive
[2007/06/21 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Template
[2008/09/18 13:08:58 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\WinBatch
[2010/09/08 14:00:44 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/08 14:46:41 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/04/04 03:41:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/08 15:42:30 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2007/06/21 19:28:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/06/21 19:28:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/08 15:42:28 | 1378,615,296 | -HS- | M] () -- C:\pagefile.sys
[2008/09/18 13:11:19 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 09:35:55
< End of report >
OTL Extras logfile created on: 08/09/2010 15:53:30 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Trevor\Desktop\geektogo
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,015.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.73 Gb Total Space | 100.10 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.88 Gb Free Space | 13.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TREVOR-PC
Current User Name: Trevor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AF04642-0660-4AA1-AFA6-805A263F93C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56D6C222-B9C7-411C-8990-CF34F42BF9C4}" = lport=23799 | protocol=17 | dir=in | name=bitcomet 23799 udp |
"{579DA89C-3CA4-4C94-8E3A-618A72BCC8C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9216E038-8B35-47A3-9B6C-B6CC45FEF69B}" = lport=23799 | protocol=6 | dir=in | name=bitcomet 23799 tcp |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0590774A-78AA-4EB8-BBED-516A2DACAC27}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{10E9C135-DAB9-4C8B-A6E4-10724E5DEE23}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{1988939A-5FDD-4404-BC8B-873913B66443}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1182422047\ee\aolsoftware.exe |
"{3BF4E836-6B91-4E27-B68F-2616A305C28C}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4345CC9F-CAA4-45E9-853B-32DB27CC15FA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4641FE73-4A1B-40E7-8009-462419AEB778}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4C06A7E6-519B-4ADD-A56E-8A781998D7C6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4C27C54D-7725-473A-9034-C8B770909ACB}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{53C1A441-13A9-482E-BEDD-EAB1754F6C5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{56AE0D30-92C2-450C-B511-2D1F59EA6BAD}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{76896AB2-7A90-429D-9A82-E069AC83D119}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{783D5D62-636E-4FB2-BA70-41E3323B98B0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1182422047\ee\aolsoftware.exe |
"{8EBE2E9D-73ED-4017-9910-CBC1EE2F4E7A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9B946B38-9C82-4EF7-975E-C837494C5761}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{A1E60CD3-9DDE-43DD-836E-313121098195}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4086945-0283-44DD-9B31-D7B711D3BAE7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C1F40452-E621-4E52-9EF7-0AA0D3BABCED}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C7509206-3579-471F-8151-1B7187C184E2}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{D0FD07E9-3A89-4819-8014-81F84DF6756C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E0907250-76F2-4353-892C-E09EA4A69CA3}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F728E753-1A11-4CF0-B395-B8617B2B3361}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F97B078A-01B5-43DA-9687-E59CF6F37CE3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 21
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DF0102B1-4E96-4953-8625-E73CEBC491E9}" = SmartStamp
"{DF52D335-A00C-45E0-9CC4-6956A1ED892D}" = BTOffer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"Football Manager 2008" = Football Manager 2008
"Google Base Store Connector" = Google Base Store Connector
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{DF0102B1-4E96-4953-8625-E73CEBC491E9}" = SmartStamp
"KeyView for Lotus" = KeyView for Lotus 97
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NIS" = Norton Internet Security
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp (remove only)
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/09/2010 21:57:34 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10e8 Start Time: 01cb4ef71666a5d7 Termination Time: 60000
Error - 07/09/2010 22:13:34 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1704 Start Time: 01cb4ef9c91e0317 Termination Time: 60000
Error - 07/09/2010 22:23:47 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cdc Start Time: 01cb4efb9a0fdc47 Termination Time: 60000
Error - 08/09/2010 08:33:45 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 710 Start Time: 01cb4f2db98d6667 Termination Time: 3869
Error - 08/09/2010 08:56:17 | Computer Name = Trevor-PC | Source = Google Update | ID = 20
Description =
Error - 08/09/2010 09:04:35 | Computer Name = Trevor-PC | Source = Google Update | ID = 20
Description =
Error - 08/09/2010 09:25:50 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3834 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b50 Start Time: 01cb4f5703a21a3a Termination Time: 141
Error - 08/09/2010 09:28:10 | Computer Name = Trevor-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 720 Start Time: 01cb4f55fcc10b5a Termination Time: 0
Error - 08/09/2010 09:56:41 | Computer Name = Trevor-PC | Source = Perflib | ID = 1008
Description =
Error - 08/09/2010 09:56:44 | Computer Name = Trevor-PC | Source = Perflib | ID = 1010
Description =
[ System Events ]
Error - 08/09/2010 04:12:41 | Computer Name = Trevor-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.
Error - 08/09/2010 08:53:53 | Computer Name = Trevor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:52:25 on 08/09/2010 was unexpected.
Error - 08/09/2010 09:32:27 | Computer Name = Trevor-PC | Source = DCOM | ID = 10010
Description =
Error - 08/09/2010 09:43:31 | Computer Name = Trevor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:41:33 on 08/09/2010 was unexpected.
Error - 08/09/2010 09:43:33 | Computer Name = TREVOR-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 001921D7F328 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
Error - 08/09/2010 09:45:12 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 08/09/2010 09:45:12 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08/09/2010 09:45:49 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 08/09/2010 10:42:34 | Computer Name = Trevor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:40:26 on 08/09/2010 was unexpected.
Error - 08/09/2010 10:45:01 | Computer Name = Trevor-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >