Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Very Slow I Explorer, with Navigation Freezes


  • Please log in to reply

#1
DocTom

DocTom

    Member

  • Member
  • PipPip
  • 18 posts
This is my first appeal for help, so please experts, be forebearing.

I do not know if I have got malware. But suddenly about a week ago, the internet service became very slow, and suffered frequent freezes - links, refresh button, stop button, etc, just not responding at all; even deleting text in the navigation bar (where the www's go - sorry this may not be the correct name) was sluggish - the backspace curser would go across but the text was not deleted.

I ran Avast Free. CC Cleaner Free, and ASC Free, all of which did not show any malware.

But something is very wrong!

My laptop is an old Acer Travelmate, so I do not expect superb performance, but it was quite acceptable until about a week ago. I have not knowingly acted in away that is likely to cause the problem (I believe); perhaps update downloads of Avast, ASC, and Windows Defender are possible culprits.

I see that there have been similar topics previously, but the investigations all seemed to require the OTL log, so after about 10 attempts I did manage to get this to work, and the log is pasted below.

I do hope that you are able to assist, as things are abominable now.

OTL logfile created on: 04/12/2011 16:52:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tom J Pike\My Documents\Op System
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.98 Mb Total Physical Memory | 245.49 Mb Available Physical Memory | 32.01% Memory free
1.83 Gb Paging File | 1.11 Gb Available in Paging File | 60.78% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.34 Gb Free Space | 72.91% Space Free | Partition Type: NTFS

Computer Name: ACER-5GI5Q0UBZJ | User Name: Tom J Pike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 16:51:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom J Pike\My Documents\Op System\OTL.scr
PRC - [2011/11/29 01:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/29 01:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/11/08 01:04:36 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/08/12 06:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/07 08:49:42 | 000,376,352 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/07/07 08:49:40 | 001,706,544 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2008/04/14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/02/16 20:52:08 | 000,504,832 | ---- | M] (Acer) -- C:\Program Files\Acer\Notebook Manager\almxptray.exe
PRC - [2001/10/25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/04 15:40:29 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/04 15:40:28 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/04 02:10:31 | 001,642,496 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120302\algo.dll
MOD - [2011/12/03 02:57:15 | 001,641,984 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120201\algo.dll
MOD - [2011/11/30 12:37:19 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/30 12:37:19 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/29 22:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120302\aswRep.dll
MOD - [2011/11/29 22:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120201\aswRep.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/23 08:06:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2011/10/23 08:04:57 | 000,676,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\34a40c4b206ad3b6a26879a2f0d2fcf0\SolutoCleanup.ni.dll
MOD - [2011/10/23 08:04:54 | 000,510,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\737362a798bd39d8141cb83feca07f6f\PCGDataAggregation.ni.dll
MOD - [2011/10/23 08:04:51 | 000,380,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\a79f2bfb22f4f2ee34229fae443b29c7\PCGBootVisualizingCore.ni.dll
MOD - [2011/10/23 08:04:48 | 000,410,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\cd60b5212d828a87513ecc14f9cb2976\PCGCatalogItemFootprint.ni.dll
MOD - [2011/10/23 08:04:46 | 000,725,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\97cb84f74d7fdb7e6269fcb4f2ea7d6f\PCGBrowsersProbe.ni.dll
MOD - [2011/10/23 08:04:43 | 000,354,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\b78041303aac807e619ffb1a2dd057ea\PCGSAProbe.ni.dll
MOD - [2011/10/23 08:04:41 | 000,102,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\0ecb10fe443b6443283ffc45aedcf110\PCGCatalogItemCache.ni.dll
MOD - [2011/10/23 08:04:39 | 000,047,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\57fe69b436e00fc503b706c9e170e264\PCGEntities.ni.dll
MOD - [2011/10/23 08:04:38 | 000,886,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\7e2391646092a1c445735d9f8f54d677\PCGClientCommunication.ni.dll
MOD - [2011/10/23 08:04:34 | 000,125,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\37d57538a7bbd4f14acb147674ad3af8\SolutoUpdateService.ni.dll
MOD - [2011/10/23 08:04:32 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\dc6b51d9dff7defe30125ccf96d07a95\PCGUpgrader.ni.dll
MOD - [2011/10/23 08:04:30 | 001,252,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\41e1763bddf3fa18d6657871e9788257\SolutoService.ni.exe
MOD - [2011/10/23 08:03:59 | 000,644,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\1005c78185057602a9854e51822b707a\PCGPostBootResources.ni.dll
MOD - [2011/10/23 08:03:59 | 000,057,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\c6de41a2518384bb82bcb414233f847a\PCGHIDProbe.ni.dll
MOD - [2011/10/23 08:03:57 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\8caa19ca7948e8c58215a3bea8311b9e\PCGRSPProbe.ni.dll
MOD - [2011/10/23 08:03:48 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\f36a967ddaae73774dfb7e3df7c95013\Community.CsharpSqlite.ni.dll
MOD - [2011/10/23 08:03:46 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\d1b78475fd571b27e9f55dd9f2a5cb24\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2011/10/23 08:03:45 | 000,064,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\7936f032160cef5cae2cc8ef91455b1f\PCGUsersCenter.ni.dll
MOD - [2011/10/23 08:03:44 | 002,984,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\95b112fbd7b5460d3484e25815f12ca5\PCGClientCommon.ni.dll
MOD - [2011/10/23 08:03:37 | 000,195,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\b4cf359dca4929ca9ff71548ae7693bc\PCGBootVisualizingCommon.ni.dll
MOD - [2011/10/23 08:03:30 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\1a2a4a32ea3559a221304122fadc1e12\PCGConfiguration.ni.dll
MOD - [2011/10/23 08:03:29 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\f0a3fccd64c2e64230e2faccbfc9fa16\System.Data.SqlServerCe.ni.dll
MOD - [2011/10/23 08:03:25 | 003,473,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\204795627e680388c0209c1d206f19de\PCGDatabase.ni.dll
MOD - [2011/10/23 08:03:18 | 000,665,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\406bfd7e433fe354f8b0f99e79468a02\PCGAzureShared.ni.dll
MOD - [2011/10/23 08:03:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\a8e5691a1ce1425f41a43d36f6331e08\PCGAzureEntityFramework.ni.dll
MOD - [2011/10/23 08:03:16 | 001,248,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\70aacd34e93d527e8f383328d3d4a0c6\PCGCommunication.ni.dll
MOD - [2011/10/23 08:03:12 | 000,170,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\7ff563f6c23204eb7e00bf1a3bdb7550\PCGDriverProbe.ni.dll
MOD - [2011/10/23 08:03:09 | 002,845,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\45329293420a9f9324e47f9d2d0361e5\PCGPreCompiled.ni.dll
MOD - [2011/10/23 08:03:04 | 001,454,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\b1f99f291fc946099309c3f5bad9a7d5\Newtonsoft.Json.ni.dll
MOD - [2011/10/23 08:02:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/23 08:02:28 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/23 08:02:27 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/23 08:02:24 | 000,572,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\6a4df134093bb7394a7b8fe019dd180a\Ionic.Zip.Reduced.ni.dll
MOD - [2011/10/23 08:02:23 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
MOD - [2011/10/23 08:02:22 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
MOD - [2011/10/23 08:02:20 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
MOD - [2011/10/23 08:02:17 | 002,268,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\4fa996a7b0e74304be2e2d6f19714342\PCGFramework.ni.dll
MOD - [2011/10/23 08:01:58 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/23 08:01:55 | 001,985,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\36d32f4b3eb6a51200590dffb2144d33\Soluto.ni.exe
MOD - [2011/10/23 08:00:46 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
MOD - [2011/10/23 07:48:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/23 07:48:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/23 07:47:36 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/23 07:47:08 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
MOD - [2011/10/23 07:46:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/23 07:46:36 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
MOD - [2011/10/23 07:42:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/23 07:41:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/23 07:38:03 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/23 07:37:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/07/21 09:00:59 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/07/07 08:35:04 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/29 01:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/12 06:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 08:49:42 | 000,376,352 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2001/10/25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 00:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/29 00:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/29 00:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/29 00:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/29 00:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/29 00:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/29 00:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/22 23:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/21 09:00:59 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/13 04:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/07 08:34:08 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2009/12/07 17:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2006/08/02 22:09:00 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2003/01/20 22:44:36 | 000,569,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/13 10:31:46 | 000,006,538 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm)
DRV - [2002/12/13 03:17:00 | 000,227,887 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2002/12/10 11:00:00 | 000,218,240 | ---- | M] (LAN-Express) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Expsab2.sys -- (LEX_AS_NIC_SERVICE)
DRV - [2002/12/09 15:29:00 | 000,005,441 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbxfilt.sys -- (mbxfilt)
DRV - [2002/11/27 14:46:28 | 000,730,700 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/11/08 13:13:50 | 000,020,579 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2002/10/18 11:07:00 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/09/11 00:45:50 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2002/08/29 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe (Acer)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234401941019 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA7465-B378-4C01-BBD8-4183DBEFF8D5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) -C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom J Pike\My Documents\My Pictures\Picasa\Backgrounds\picasabackground.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom J Pike\My Documents\My Pictures\Picasa\Backgrounds\picasabackground.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\Shell - "" = AutoRun
O33 - MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\Shell - "" = AutoRun
O33 - MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 15:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom J Pike\My Documents\Proformas
[2011/12/03 11:55:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom J Pike\Recent
[2011/12/02 15:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2011/12/02 15:32:39 | 029,918,440 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2011/11/30 12:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom J Pike\Application Data\SUPERAntiSpyware.com
[2011/11/30 12:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom J Pike\Start Menu\Programs\SUPERAntiSpyware
[2011/11/30 12:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/30 12:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/30 12:34:07 | 013,151,264 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/11/29 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/11/29 15:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/04 15:48:50 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/04 15:42:41 | 000,001,572 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2011/12/04 15:42:39 | 000,002,328 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2011/12/04 15:42:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/04 15:39:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/04 15:38:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/04 15:38:47 | 804,311,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 15:35:12 | 000,000,449 | ---- | M] () -- C:\Documents and Settings\Tom J Pike\My Documents\Passwords.rtf
[2011/12/02 15:34:55 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/12/02 15:34:54 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2011/12/02 15:33:04 | 029,918,440 | ---- | M] (IObit ) -- C:\Program Files\asc-setup.exe
[2011/11/30 12:35:52 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Tom J Pike\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/30 12:34:37 | 013,151,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/11/29 15:40:45 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/11/29 15:36:04 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/29 15:13:35 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/11/29 01:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/29 01:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/29 00:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/29 00:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/29 00:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/29 00:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/29 00:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/29 00:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/29 00:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/29 00:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 15:35:12 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Tom J Pike\My Documents\Passwords.rtf
[2011/12/02 15:34:55 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/12/02 15:34:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2011/11/30 12:35:52 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Tom J Pike\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/29 15:40:45 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/11/29 15:13:35 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/09/19 10:51:36 | 000,177,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/09 11:19:11 | 013,852,708 | ---- | C] () -- C:\Program Files\BlueTooth_Widcomm_1.3.2.7_XPx86.zip
[2011/08/26 14:31:23 | 001,366,104 | ---- | C] () -- C:\Program Files\BOIE8_ENUS_MSCOM_XP.EXE
[2011/06/03 21:02:12 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/18 09:06:48 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Tom J Pike\Application Data\burnaware.ini
[2009/06/17 08:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2009/02/22 08:54:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2009/02/12 19:32:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/12 05:22:39 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2009/02/12 05:22:39 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2009/02/12 05:22:39 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2009/02/12 05:22:39 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2009/02/12 05:22:39 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2009/02/12 05:09:32 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/02/23 09:40:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/21 14:11:41 | 000,006,538 | ---- | C] () -- C:\WINDOWS\System32\drivers\acernbm.sys
[2003/02/21 14:09:03 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003/02/21 14:02:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/02/21 13:11:09 | 001,969,664 | ---- | C] () -- C:\WINDOWS\PQDISK.EXE
[2003/02/21 13:11:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2003/02/21 13:11:09 | 000,029,796 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/21 13:11:09 | 000,000,240 | ---- | C] () -- C:\WINDOWS\PQDISK.INI
[2003/02/21 13:10:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/21 13:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/21 13:03:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/21 12:59:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/21 12:58:42 | 000,335,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/11/15 17:45:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2000/04/18 09:02:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,435,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,069,368 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/25 17:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/25 15:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/02 15:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/10/25 15:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/07/16 13:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/02/09 13:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/06/28 15:42:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2011/10/01 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom J Pike\Application Data\ImgBurn
[2003/02/21 14:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom J Pike\Application Data\InterTrust
[2011/12/03 11:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom J Pike\Application Data\IObit
[2010/03/13 14:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom J Pike\Application Data\Trusteer
[2011/12/04 15:42:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 04/12/2011 16:52:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tom J Pike\My Documents\Op System
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.98 Mb Total Physical Memory | 245.49 Mb Available Physical Memory | 32.01% Memory free
1.83 Gb Paging File | 1.11 Gb Available in Paging File | 60.78% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.34 Gb Free Space | 72.91% Space Free | Partition Type: NTFS

Computer Name: ACER-5GI5Q0UBZJ | User Name: Tom J Pike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr [@ = scrfile] -- "%1" /S "%3"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01892453-6095-4825-BB73-78BE918B42CB}" = Soluto
"{062DAE57-6A6D-4364-B16F-A43C83282177}" = O2Micro MultiMediaBay Windows Driver Installer
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D67C45-8484-4398-B5C1-3CAE19FDDF22}" = EPSON PRINT Image Framer Tool1.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C2FA1ED-8248-42DF-A78A-48D40133129E}" = Acer Notebook Manager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BurnAware Free_is1" = BurnAware Free 3.5
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CCleaner" = CCleaner
"Encarta Encyclopedia 2000 Z" = Microsoft Encarta Encyclopedia 2000 World English
"Encarta Virtual Globe 2000 Z" = Microsoft Encarta Interactive World Atlas 2000
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC880 Guide" = ESC880 Guide
"ESP830 PSolver" = ESP830 Problem Solver
"FileCD" = NTI FileCD
"FrostWire 5" = FrostWire 5.1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Recuva" = Recuva
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TravelMate 800 screensaver" = TravelMate 800 screensaver
"Unlocker" = Unlocker 1.9.1
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"XP Smoker Free Edition_is1" = XP Smoker Free Edition 6.0
"YTdetect" = Yahoo! Detect
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/03/2011 02:25:45 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 26/03/2011 02:25:45 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 26/03/2011 02:25:46 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 26/03/2011 02:25:46 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 26/03/2011 03:52:34 | Computer Name = ACER-5GI5Q0UBZJ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 31/03/2011 10:08:06 | Computer Name = ACER-5GI5Q0UBZJ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8
NIL, P9 NIL, P10 NIL.

Error - 04/04/2011 03:44:13 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 04/04/2011 03:44:13 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Thanks in anticipation of any help that you may offer.

DocTom.

Error - 04/04/2011 03:44:16 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 04/04/2011 03:44:16 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 30/10/2011 02:50:06 | Computer Name = ACER-5GI5Q0UBZJ | Source = PSched | ID = 14103
Description = QoS [Adapter {49DA7465-B378-4C01-BBD8-4183DBEFF8D5}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 05/11/2011 22:08:15 | Computer Name = ACER-5GI5Q0UBZJ | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 05/11/2011 22:17:00 | Computer Name = ACER-5GI5Q0UBZJ | Source = PSched | ID = 14103
Description = QoS [Adapter {49DA7465-B378-4C01-BBD8-4183DBEFF8D5}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 24/11/2011 06:21:00 | Computer Name = ACER-5GI5Q0UBZJ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0004234B85A7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/11/2011 07:23:32 | Computer Name = ACER-5GI5Q0UBZJ | Source = PSched | ID = 14103
Description = QoS [Adapter {49DA7465-B378-4C01-BBD8-4183DBEFF8D5}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 29/11/2011 04:51:20 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core
Service service to connect.

Error - 29/11/2011 04:51:20 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7000
Description = The Soluto PCGenome Core Service service failed to start due to the
following error: %%1053

Error - 03/12/2011 03:48:03 | Computer Name = ACER-5GI5Q0UBZJ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 03/12/2011 04:24:42 | Computer Name = ACER-5GI5Q0UBZJ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'attrib' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Uninstall:
Adobe Reader 8.3.1 -obsolete get latest from adobe.com
Adobe Flash Player 10 ActiveX -obsolete get latest from adobe.com
Advanced SystemCare 5 -rip off of MBAM
FrostWire 5.1.4 -virus delivery system
SUPERAntiSpyware -You can reinstall it when we are done. Just don't want it interfering.
Soluto -Broken


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O33 - MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\Shell - "" = AutoRun
O33 - MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\Shell - "" = AutoRun
O33 - MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 /alldrives
     
:Commands
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply




Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron
  • 0

#3
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : I am aghast at the amount of work that this seems to entail (for you!), but deeply grateful for your help.

A few points before I paste the logs.

1. None of the scans reported any infections.

2. After the reboots (one following removal of Adobe Flash Player, the other after the first OTL scan) Windows sent up a window saying that new hardware had been detected, but the wizard said it was unknown, so I put this down to some sort of glitch, cancelled the wizard and pressed on.

3. After the aswMBR scan, the FIXMBR button was enabled.

4. Although I have only visited websites as required by the tasks that you set for me, I get the impression that speed has improved, and there have been no freezes.

5. Please can you explain why you have such a poor opinion of ASC Free? I have used it for several years under the impression that it is a good utility to keep the PC in good order. And is there a better substitute?

Here are the various logs.....

OTL RUN 1

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76e7afe1-0ea9-11de-a1f4-0004234b85a7}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76e7afe2-0ea9-11de-a1f4-0004234b85a7}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.bat deleted successfully.
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.bat deleted successfully.
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.bat deleted successfully.
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.bat deleted successfully.
C:\Documents and Settings\Tom J Pike\My Documents\Op System\cmd.txt deleted successfully.
S-5-3-42-2819952290-8240758988-879315005-3665 not found in C:\RECYCLER\
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Tom J Pike
->Flash cache emptied: 684 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Tom J Pike
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12062011_134639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MALWAREBYTES

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/12/2011 14:45:46
mbam-log-2011-12-06 (14-45-46).txt

Scan type: Quick scan
Objects scanned: 171819
Time elapsed: 19 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

COMBOFIX
ComboFix 11-12-05.04 - Tom J Pike 06/12/2011 15:28:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.440 [GMT 7:00]
Running from: c:\documents and settings\Tom J Pike\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Tom J Pike\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 07:23 . 2011-12-06 07:23 -------- d-----w- c:\documents and settings\Tom J Pike\Application Data\Malwarebytes
2011-12-06 07:22 . 2011-12-06 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-06 07:22 . 2011-08-31 10:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 07:22 . 2011-12-06 07:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-06 06:48 . 2011-12-06 06:48 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C2C8B1FD-2C12-4738-BC2E-1BEAD7798411}\offreg.dll
2011-12-06 06:46 . 2011-12-06 06:46 -------- d-----w- C:\_OTL
2011-12-03 04:42 . 2011-12-03 04:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2011-12-02 08:32 . 2011-12-02 08:33 29918440 ----a-w- c:\program files\asc-setup.exe
2011-12-02 08:18 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C2C8B1FD-2C12-4738-BC2E-1BEAD7798411}\mpengine.dll
2011-11-30 05:35 . 2011-11-30 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-30 05:34 . 2011-11-30 05:34 13151264 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-11-29 08:40 . 2011-11-29 08:40 -------- d-----w- c:\program files\Speccy
2011-11-29 08:13 . 2011-11-29 08:13 -------- d-----w- c:\program files\Recuva
2011-11-07 14:28 . 2011-11-07 14:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-25 10:50 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-07-25 10:50 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-16 12:58 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-07-25 10:50 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-07-25 10:50 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-07-25 10:50 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-07-25 10:50 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-07-25 10:50 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-07-25 10:50 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-07-25 10:50 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-10 14:22 . 2003-02-21 06:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2009-06-03 12:19 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-02 22:06 . 2011-08-28 08:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 19:37 . 2011-08-28 08:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 1979-12-31 17:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 04:41 . 2008-07-29 12:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 04:41 . 1979-12-31 17:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 04:41 . 1979-12-31 17:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-26 08:08 . 2011-08-26 07:31 1366104 ----a-w- c:\program files\BOIE8_ENUS_MSCOM_XP.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AcerNotebookManager"="c:\program files\Acer\Notebook Manager\almxptray.exe" [2003-02-16 504832]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 46592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-11-15 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-11-18 561152]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 315392]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2003-01-27 303104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-9-18 121856]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 11:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/03/2011 19:58 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/07/2010 17:50 314456]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SafDskNT.sys [07/12/2009 17:12 78336]
R2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [21/02/2003 14:11 6538]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/07/2010 17:50 20568]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [01/01/1980 227887]
R3 mbxfilt;mbxfilt;c:\windows\system32\drivers\mbxfilt.sys [01/01/1980 5441]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [21/07/2011 09:00 21520]
S3 LEX_AS_NIC_SERVICE;LAN-Express IEEE 802.11a/b Wireless Network Adapter Service;c:\windows\system32\drivers\Expsab2.sys [01/01/1980 218240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01/01/1980 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 12:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SolutoService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 15:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*2*ú%çw]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="\09"
"DeviceInstanceIds"=multi:"kxp_inf\\cx_07482.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-06 15:40:58
ComboFix-quarantined-files.txt 2011-12-06 08:40
.
Pre-Run: 59,599,347,712 bytes free
Post-Run: 59,658,690,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 584991183566452E1A22D36F877D3C6B

COMBOFIX QUARANTINED FILES

2011-12-06 08:39:38 . 2011-12-06 08:39:38 566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-SolutoService.reg.dat
2011-12-06 08:33:45 . 2011-12-06 08:33:45 9,532 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-06 08:24:08 . 2011-12-06 08:24:08 51 ----a-w- C:\Qoobox\Quarantine\catchme.log


TDSKILLER

15:46:34.0581 0728 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:46:36.0463 0728 ============================================================
15:46:36.0463 0728 Current date / time: 2011/12/06 15:46:36.0463
15:46:36.0463 0728 SystemInfo:
15:46:36.0463 0728
15:46:36.0463 0728 OS Version: 5.1.2600 ServicePack: 3.0
15:46:36.0463 0728 Product type: Workstation
15:46:36.0463 0728 ComputerName: ACER-5GI5Q0UBZJ
15:46:36.0463 0728 UserName: Tom J Pike
15:46:36.0463 0728 Windows directory: C:\WINDOWS
15:46:36.0463 0728 System windows directory: C:\WINDOWS
15:46:36.0463 0728 Processor architecture: Intel x86
15:46:36.0463 0728 Number of processors: 1
15:46:36.0463 0728 Page size: 0x1000
15:46:36.0463 0728 Boot type: Normal boot
15:46:36.0463 0728 ============================================================
15:46:37.0235 0728 Initialize success
15:46:47.0940 3452 ============================================================
15:46:47.0940 3452 Scan started
15:46:47.0940 3452 Mode: Manual;
15:46:47.0940 3452 ============================================================
15:46:48.0451 3452 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:46:48.0461 3452 Aavmker4 - ok
15:46:48.0501 3452 Abiosdsk - ok
15:46:48.0521 3452 abp480n5 - ok
15:46:48.0591 3452 acernbm (1f056a9dc1e5941b064907a1869ee230) C:\WINDOWS\system32\drivers\acernbm.sys
15:46:48.0591 3452 acernbm - ok
15:46:48.0651 3452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:48.0651 3452 ACPI - ok
15:46:48.0681 3452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:46:48.0681 3452 ACPIEC - ok
15:46:48.0711 3452 adpu160m - ok
15:46:48.0761 3452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:46:48.0761 3452 aec - ok
15:46:48.0821 3452 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:48.0821 3452 AFD - ok
15:46:48.0921 3452 AgereSoftModem (ed5c8b22de2021339a7c7fccfe5c5d7e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:46:48.0931 3452 AgereSoftModem - ok
15:46:49.0001 3452 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:46:49.0001 3452 agp440 - ok
15:46:49.0022 3452 Aha154x - ok
15:46:49.0052 3452 aic78u2 - ok
15:46:49.0072 3452 aic78xx - ok
15:46:49.0142 3452 ALCXWDM (e3e7c0f401e7024e8dc0dbe3ce7dcd59) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:46:49.0152 3452 ALCXWDM - ok
15:46:49.0202 3452 AliIde - ok
15:46:49.0252 3452 amsint - ok
15:46:49.0322 3452 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:46:49.0322 3452 Arp1394 - ok
15:46:49.0342 3452 asc - ok
15:46:49.0372 3452 asc3350p - ok
15:46:49.0392 3452 asc3550 - ok
15:46:49.0462 3452 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:46:49.0482 3452 aswFsBlk - ok
15:46:49.0532 3452 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
15:46:49.0532 3452 aswMon2 - ok
15:46:49.0572 3452 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
15:46:49.0572 3452 aswRdr - ok
15:46:49.0622 3452 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
15:46:49.0632 3452 aswSnx - ok
15:46:49.0682 3452 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
15:46:49.0692 3452 aswSP - ok
15:46:49.0733 3452 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
15:46:49.0733 3452 aswTdi - ok
15:46:49.0793 3452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:49.0793 3452 AsyncMac - ok
15:46:49.0833 3452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:49.0833 3452 atapi - ok
15:46:49.0853 3452 Atdisk - ok
15:46:49.0943 3452 ati2mtag (6361d85faf2442bbee2c25ada6cb8512) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:46:49.0953 3452 ati2mtag - ok
15:46:50.0023 3452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:50.0023 3452 Atmarpc - ok
15:46:50.0093 3452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:50.0093 3452 audstub - ok
15:46:50.0163 3452 bcm4sbxp (ba03a18635d4b0830c9262cd80d4026b) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:46:50.0163 3452 bcm4sbxp - ok
15:46:50.0243 3452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:46:50.0243 3452 Beep - ok
15:46:50.0383 3452 catchme - ok
15:46:50.0444 3452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:50.0454 3452 cbidf2k - ok
15:46:50.0524 3452 cd20xrnt - ok
15:46:50.0584 3452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:50.0584 3452 Cdaudio - ok
15:46:50.0644 3452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:50.0644 3452 Cdfs - ok
15:46:50.0684 3452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:50.0684 3452 Cdrom - ok
15:46:50.0714 3452 Changer - ok
15:46:50.0764 3452 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:46:50.0774 3452 CmBatt - ok
15:46:50.0794 3452 CmdIde - ok
15:46:50.0824 3452 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:46:50.0824 3452 Compbatt - ok
15:46:50.0864 3452 CONAN (765255876a4b5b2dc3e10a846aa9269a) C:\WINDOWS\system32\drivers\o2mmb.sys
15:46:50.0874 3452 CONAN - ok
15:46:50.0914 3452 Cpqarray - ok
15:46:50.0944 3452 dac2w2k - ok
15:46:50.0974 3452 dac960nt - ok
15:46:51.0014 3452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:51.0014 3452 Disk - ok
15:46:51.0044 3452 DKbFltr (96a48bda68bf734aae79f910ab884a34) C:\WINDOWS\system32\Drivers\DKbFltr.sys
15:46:51.0044 3452 DKbFltr - ok
15:46:51.0145 3452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:46:51.0165 3452 dmboot - ok
15:46:51.0195 3452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:46:51.0195 3452 dmio - ok
15:46:51.0215 3452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:46:51.0225 3452 dmload - ok
15:46:51.0305 3452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:46:51.0305 3452 DMusic - ok
15:46:51.0345 3452 dpti2o - ok
15:46:51.0365 3452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:51.0365 3452 drmkaud - ok
15:46:51.0435 3452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:51.0445 3452 Fastfat - ok
15:46:51.0505 3452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:46:51.0505 3452 Fdc - ok
15:46:51.0545 3452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:46:51.0545 3452 Fips - ok
15:46:51.0575 3452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:46:51.0575 3452 Flpydisk - ok
15:46:51.0625 3452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:46:51.0625 3452 FltMgr - ok
15:46:51.0655 3452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:51.0665 3452 Fs_Rec - ok
15:46:51.0705 3452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:51.0705 3452 Ftdisk - ok
15:46:51.0745 3452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:51.0755 3452 Gpc - ok
15:46:51.0806 3452 hpn - ok
15:46:51.0886 3452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:51.0886 3452 HTTP - ok
15:46:51.0916 3452 i2omgmt - ok
15:46:51.0946 3452 i2omp - ok
15:46:51.0976 3452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:51.0986 3452 i8042prt - ok
15:46:52.0036 3452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:52.0036 3452 Imapi - ok
15:46:52.0086 3452 ini910u - ok
15:46:52.0136 3452 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:46:52.0136 3452 IntelIde - ok
15:46:52.0186 3452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:46:52.0196 3452 intelppm - ok
15:46:52.0236 3452 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:46:52.0246 3452 ip6fw - ok
15:46:52.0266 3452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:52.0276 3452 IpFilterDriver - ok
15:46:52.0306 3452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:52.0306 3452 IpInIp - ok
15:46:52.0346 3452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:52.0346 3452 IpNat - ok
15:46:52.0386 3452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:52.0386 3452 IPSec - ok
15:46:52.0426 3452 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
15:46:52.0426 3452 irda - ok
15:46:52.0466 3452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:52.0466 3452 IRENUM - ok
15:46:52.0537 3452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:52.0537 3452 isapnp - ok
15:46:52.0577 3452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:52.0577 3452 Kbdclass - ok
15:46:52.0627 3452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:46:52.0627 3452 kmixer - ok
15:46:52.0697 3452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:52.0697 3452 KSecDD - ok
15:46:52.0747 3452 lbrtfdc - ok
15:46:52.0797 3452 LEX_AS_NIC_SERVICE (05271ae7fcf0014dcc6591f145ac2fb0) C:\WINDOWS\system32\DRIVERS\Expsab2.sys
15:46:52.0797 3452 LEX_AS_NIC_SERVICE - ok
15:46:52.0857 3452 mbxfilt (8e82c593b4c46b8a12fe36cba1f1eea9) C:\WINDOWS\system32\drivers\MbxFilt.sys
15:46:52.0857 3452 mbxfilt - ok
15:46:52.0897 3452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:52.0897 3452 mnmdd - ok
15:46:52.0947 3452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:46:52.0947 3452 Modem - ok
15:46:52.0987 3452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:52.0987 3452 Mouclass - ok
15:46:53.0017 3452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:53.0017 3452 MountMgr - ok
15:46:53.0047 3452 mraid35x - ok
15:46:53.0127 3452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:53.0127 3452 MRxDAV - ok
15:46:53.0198 3452 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:53.0208 3452 MRxSmb - ok
15:46:53.0288 3452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:53.0288 3452 Msfs - ok
15:46:53.0338 3452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:53.0338 3452 MSKSSRV - ok
15:46:53.0368 3452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:53.0368 3452 MSPCLOCK - ok
15:46:53.0398 3452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:53.0398 3452 MSPQM - ok
15:46:53.0438 3452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:53.0438 3452 mssmbios - ok
15:46:53.0488 3452 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:53.0488 3452 Mup - ok
15:46:53.0558 3452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:53.0558 3452 NDIS - ok
15:46:53.0608 3452 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:53.0608 3452 NdisTapi - ok
15:46:53.0648 3452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:53.0648 3452 Ndisuio - ok
15:46:53.0678 3452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:53.0678 3452 NdisWan - ok
15:46:53.0738 3452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:53.0738 3452 NDProxy - ok
15:46:53.0788 3452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:53.0788 3452 NetBIOS - ok
15:46:53.0838 3452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:46:53.0838 3452 NetBT - ok
15:46:53.0919 3452 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:46:53.0919 3452 NIC1394 - ok
15:46:53.0979 3452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:53.0989 3452 Npfs - ok
15:46:54.0029 3452 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
15:46:54.0029 3452 NSCIRDA - ok
15:46:54.0139 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:54.0139 3452 Ntfs - ok
15:46:54.0389 3452 NTIDrvr (3c25d8a23c366fbe1511b4a250a1a2ad) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
15:46:54.0389 3452 NTIDrvr - ok
15:46:54.0600 3452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:54.0610 3452 Null - ok
15:46:54.0800 3452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:54.0800 3452 NwlnkFlt - ok
15:46:54.0960 3452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:54.0960 3452 NwlnkFwd - ok
15:46:55.0170 3452 O2SCBUS (7f8d43fd4159b16ebfd65e13ee34677f) C:\WINDOWS\system32\DRIVERS\ozscr.sys
15:46:55.0170 3452 O2SCBUS - ok
15:46:55.0401 3452 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:55.0401 3452 ohci1394 - ok
15:46:55.0631 3452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:55.0631 3452 Parport - ok
15:46:55.0831 3452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:55.0831 3452 PartMgr - ok
15:46:55.0901 3452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:55.0911 3452 ParVdm - ok
15:46:55.0982 3452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:55.0992 3452 PCI - ok
15:46:56.0012 3452 PCIDump - ok
15:46:56.0042 3452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:56.0042 3452 PCIIde - ok
15:46:56.0072 3452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:46:56.0072 3452 Pcmcia - ok
15:46:56.0092 3452 PDCOMP - ok
15:46:56.0112 3452 PDFRAME - ok
15:46:56.0142 3452 PDRELI - ok
15:46:56.0162 3452 PDRFRAME - ok
15:46:56.0192 3452 perc2 - ok
15:46:56.0212 3452 perc2hib - ok
15:46:56.0312 3452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:56.0312 3452 PptpMiniport - ok
15:46:56.0342 3452 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:56.0342 3452 Processor - ok
15:46:56.0382 3452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:56.0382 3452 PSched - ok
15:46:56.0412 3452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:56.0412 3452 Ptilink - ok
15:46:56.0432 3452 ql1080 - ok
15:46:56.0462 3452 Ql10wnt - ok
15:46:56.0482 3452 ql12160 - ok
15:46:56.0512 3452 ql1240 - ok
15:46:56.0542 3452 ql1280 - ok
15:46:56.0753 3452 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
15:46:56.0763 3452 RapportCerberus_32301 - ok
15:46:56.0873 3452 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
15:46:56.0873 3452 RapportEI - ok
15:46:56.0953 3452 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
15:46:56.0953 3452 RapportIaso - ok
15:46:57.0093 3452 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
15:46:57.0093 3452 RapportKELL - ok
15:46:57.0233 3452 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
15:46:57.0233 3452 RapportPG - ok
15:46:57.0364 3452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:57.0374 3452 RasAcd - ok
15:46:57.0434 3452 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:46:57.0434 3452 Rasirda - ok
15:46:57.0494 3452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:57.0504 3452 Rasl2tp - ok
15:46:57.0534 3452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:57.0544 3452 RasPppoe - ok
15:46:57.0564 3452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:57.0564 3452 Raspti - ok
15:46:57.0614 3452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:57.0614 3452 Rdbss - ok
15:46:57.0644 3452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:57.0644 3452 RDPCDD - ok
15:46:57.0694 3452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:57.0704 3452 rdpdr - ok
15:46:57.0774 3452 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:57.0774 3452 RDPWD - ok
15:46:57.0844 3452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:57.0854 3452 redbook - ok
15:46:57.0934 3452 SafDskNT (b002949486a5186471803e4ddfa42502) C:\WINDOWS\system32\drivers\SAFDSKNT.SYS
15:46:57.0944 3452 SafDskNT - ok
15:46:58.0034 3452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:58.0034 3452 Secdrv - ok
15:46:58.0105 3452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:58.0115 3452 serenum - ok
15:46:58.0155 3452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:58.0155 3452 Serial - ok
15:46:58.0225 3452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:46:58.0225 3452 Sfloppy - ok
15:46:58.0275 3452 Simbad - ok
15:46:58.0305 3452 Sparrow - ok
15:46:58.0345 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:58.0345 3452 splitter - ok
15:46:58.0395 3452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:58.0395 3452 sr - ok
15:46:58.0455 3452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:58.0465 3452 Srv - ok
15:46:58.0545 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:58.0545 3452 swenum - ok
15:46:58.0595 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:58.0595 3452 swmidi - ok
15:46:58.0635 3452 symc810 - ok
15:46:58.0665 3452 symc8xx - ok
15:46:58.0685 3452 sym_hi - ok
15:46:58.0715 3452 sym_u3 - ok
15:46:58.0786 3452 SynTP (decaf721585f9db53d60d70fd064b6bb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:46:58.0786 3452 SynTP - ok
15:46:58.0826 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:58.0836 3452 sysaudio - ok
15:46:58.0916 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:58.0926 3452 Tcpip - ok
15:46:58.0966 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:58.0966 3452 TDPIPE - ok
15:46:58.0996 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:59.0006 3452 TDTCP - ok
15:46:59.0036 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:59.0046 3452 TermDD - ok
15:46:59.0096 3452 TosIde - ok
15:46:59.0136 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:59.0146 3452 Udfs - ok
15:46:59.0166 3452 ultra - ok
15:46:59.0206 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:59.0206 3452 Update - ok
15:46:59.0286 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:59.0286 3452 usbehci - ok
15:46:59.0336 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:59.0336 3452 usbhub - ok
15:46:59.0386 3452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:59.0396 3452 usbscan - ok
15:46:59.0447 3452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:59.0447 3452 USBSTOR - ok
15:46:59.0487 3452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:59.0507 3452 usbuhci - ok
15:46:59.0537 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:59.0537 3452 VgaSave - ok
15:46:59.0557 3452 ViaIde - ok
15:46:59.0597 3452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:59.0597 3452 VolSnap - ok
15:46:59.0697 3452 w70n51 (677ad85e3058c821f5a73cdf7e5b5478) C:\WINDOWS\system32\DRIVERS\w70n51.sys
15:46:59.0717 3452 w70n51 - ok
15:46:59.0757 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:59.0767 3452 Wanarp - ok
15:46:59.0787 3452 WDICA - ok
15:46:59.0827 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:59.0827 3452 wdmaud - ok
15:47:00.0037 3452 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
15:47:00.0188 3452 \Device\Harddisk0\DR0 - ok
15:47:00.0208 3452 Boot (0x1200) (562ee99c7943d82a9b33ef02cea2d195) \Device\Harddisk0\DR0\Partition0
15:47:00.0208 3452 \Device\Harddisk0\DR0\Partition0 - ok
15:47:00.0208 3452 ============================================================
15:47:00.0208 3452 Scan finished
15:47:00.0208 3452 ============================================================
15:47:00.0238 3260 Detected object count: 0
15:47:00.0238 3260 Actual detected object count: 0
15:47:16.0892 3468 Deinitialize success

ASWMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 15:48:58
-----------------------------
15:48:58.598 OS Version: Windows 5.1.2600 Service Pack 3
15:48:58.598 Number of processors: 1 586 0x905
15:48:58.608 ComputerName: ACER-5GI5Q0UBZJ UserName: Tom J Pike
15:48:59.389 Initialize success
15:49:03.505 AVAST engine defs: 11120501
15:49:19.888 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:49:19.898 Disk 0 Vendor: ST980815A 3.ALA Size: 76319MB BusType: 3
15:49:21.991 Disk 0 MBR read successfully
15:49:22.001 Disk 0 MBR scan
15:49:22.672 Disk 0 unknown MBR code
15:49:22.702 Disk 0 scanning sectors +156296385
15:49:23.804 Disk 0 scanning C:\WINDOWS\system32\drivers
15:49:44.744 Service scanning
15:49:45.766 Modules scanning
15:50:04.212 AVAST engine scan C:\WINDOWS
15:50:08.939 AVAST engine scan C:\WINDOWS\system32
15:52:42.830 AVAST engine scan C:\WINDOWS\system32\drivers
15:53:04.181 AVAST engine scan C:\Documents and Settings\Tom J Pike
15:56:34.914 AVAST engine scan C:\Documents and Settings\All Users
15:57:38.786 Scan finished successfully
15:58:17.241 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom J Pike\My Documents\Op System\MBR.dat"
15:58:17.271 The log file has been saved successfully to "C:\Documents and Settings\Tom J Pike\My Documents\Op System\aswMBRlog061211.txt"


OTL RUN 2

OTL logfile created on: 06/12/2011 15:59:40 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tom J Pike\My Documents\Op System
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.98 Mb Total Physical Memory | 313.66 Mb Available Physical Memory | 40.90% Memory free
1.83 Gb Paging File | 1.42 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 55.58 Gb Free Space | 74.57% Space Free | Partition Type: NTFS

Computer Name: ACER-5GI5Q0UBZJ | User Name: Tom J Pike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 16:51:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom J Pike\My Documents\Op System\OTL.scr
PRC - [2011/11/29 01:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/29 01:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2008/04/14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/02/16 20:52:08 | 000,504,832 | ---- | M] (Acer) -- C:\Program Files\Acer\Notebook Manager\almxptray.exe
PRC - [2003/01/27 18:28:00 | 000,303,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2002/11/19 21:01:20 | 000,046,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/11/15 17:40:26 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2001/10/25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/06 02:54:38 | 001,643,008 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120501\algo.dll
MOD - [2011/11/29 22:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120501\aswRep.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/07/21 09:00:59 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2010/07/05 04:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2003/01/27 18:21:52 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/29 01:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2001/10/25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 00:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/29 00:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/29 00:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/29 00:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/29 00:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/29 00:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/29 00:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/21 09:00:59 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2009/12/07 17:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2006/08/02 22:09:00 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2003/01/20 22:44:36 | 000,569,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/13 10:31:46 | 000,006,538 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm)
DRV - [2002/12/13 03:17:00 | 000,227,887 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2002/12/10 11:00:00 | 000,218,240 | ---- | M] (LAN-Express) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Expsab2.sys -- (LEX_AS_NIC_SERVICE)
DRV - [2002/12/09 15:29:00 | 000,005,441 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbxfilt.sys -- (mbxfilt)
DRV - [2002/11/27 14:46:28 | 000,730,700 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/11/08 13:13:50 | 000,020,579 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2002/10/18 11:07:00 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/09/11 00:45:50 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/12/06 13:46:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe (Acer)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234401941019 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA7465-B378-4C01-BBD8-4183DBEFF8D5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom J Pike\My Documents\My Pictures\Picasa\Backgrounds\picasabackground.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom J Pike\My Documents\My Pictures\Picasa\Backgrounds\picasabackground.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 15:48:48 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tom J Pike\Desktop\aswMBR.exe
[2011/12/06 15:46:03 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom J Pike\Desktop\tdsskiller.exe
[2011/12/06 15:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/06 15:27:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/06 15:24:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/06 15:24:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/06 15:24:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/06 15:24:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/06 15:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/06 15:23:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/06 15:23:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tom J Pike\My Documents\My Videos
[2011/12/06 15:20:32 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\Tom J Pike\Desktop\ComboFix.exe
[2011/12/06 14:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom J Pike\Application Data\Malwarebytes
[2011/12/06 14:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/06 14:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/06 14:22:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/06 14:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/06 14:09:03 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom J Pike\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/06 13:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/03 15:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom J Pike\My Documents\Proformas
[2011/12/03 11:55:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom J Pike\Recent
[2011/12/02 15:32:39 | 029,918,440 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2011/11/30 12:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/30 12:34:07 | 013,151,264 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/11/29 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/11/29 15:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/11/12 12:09:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/12 12:09:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/12 12:09:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/06 15:48:56 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tom J Pike\Desktop\aswMBR.exe
[2011/12/06 15:46:32 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom J Pike\Desktop\tdsskiller.exe
[2011/12/06 15:27:13 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/12/06 15:20:51 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\Tom J Pike\Desktop\ComboFix.exe
[2011/12/06 14:22:32 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 14:21:01 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom J Pike\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/06 13:51:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/06 13:48:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 13:48:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/06 13:48:04 | 804,311,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 13:46:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/06 12:28:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/06 12:25:17 | 000,001,895 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2011/12/06 12:25:16 | 000,007,416 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2011/12/03 15:35:12 | 000,000,449 | ---- | M] () -- C:\Documents and Settings\Tom J Pike\My Documents\Passwords.rtf
[2011/12/02 15:33:04 | 029,918,440 | ---- | M] (IObit ) -- C:\Program Files\asc-setup.exe
[2011/11/30 12:34:37 | 013,151,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/11/29 15:40:45 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/11/29 15:36:04 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/29 15:13:35 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/11/29 01:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/29 01:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/29 00:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/29 00:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/29 00:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/29 00:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/29 00:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/29 00:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/29 00:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/29 00:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 15:27:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/06 15:27:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/06 15:24:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/06 15:24:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/06 15:24:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/06 15:24:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/06 15:24:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/06 14:22:32 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 15:35:12 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Tom J Pike\My Documents\Passwords.rtf
[2011/11/29 15:40:45 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/11/29 15:13:35 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/09/19 10:51:36 | 000,177,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/09 11:19:11 | 013,852,708 | ---- | C] () -- C:\Program Files\BlueTooth_Widcomm_1.3.2.7_XPx86.zip
[2011/08/26 14:31:23 | 001,366,104 | ---- | C] () -- C:\Program Files\BOIE8_ENUS_MSCOM_XP.EXE
[2011/06/03 21:02:12 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/18 09:06:48 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Tom J Pike\Application Data\burnaware.ini
[2009/06/17 08:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2009/02/22 08:54:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2009/02/12 19:32:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/12 05:09:32 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/02/23 09:40:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/21 14:11:41 | 000,006,538 | ---- | C] () -- C:\WINDOWS\System32\drivers\acernbm.sys
[2003/02/21 14:09:03 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003/02/21 14:02:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/02/21 13:11:09 | 001,969,664 | ---- | C] () -- C:\WINDOWS\PQDISK.EXE
[2003/02/21 13:11:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2003/02/21 13:11:09 | 000,029,796 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/21 13:11:09 | 000,000,240 | ---- | C] () -- C:\WINDOWS\PQDISK.INI
[2003/02/21 13:10:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/21 13:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/21 13:03:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/21 12:59:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/21 12:58:42 | 000,335,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/11/15 17:45:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2000/04/18 09:02:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,435,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,069,368 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


OTL RUN 2 EXTRAS

OTL Extras logfile created on: 06/12/2011 15:59:40 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tom J Pike\My Documents\Op System
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.98 Mb Total Physical Memory | 313.66 Mb Available Physical Memory | 40.90% Memory free
1.83 Gb Paging File | 1.42 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 55.58 Gb Free Space | 74.57% Space Free | Partition Type: NTFS

Computer Name: ACER-5GI5Q0UBZJ | User Name: Tom J Pike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{062DAE57-6A6D-4364-B16F-A43C83282177}" = O2Micro MultiMediaBay Windows Driver Installer
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D67C45-8484-4398-B5C1-3CAE19FDDF22}" = EPSON PRINT Image Framer Tool1.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C2FA1ED-8248-42DF-A78A-48D40133129E}" = Acer Notebook Manager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Acoustica Effects Pack" = Acoustica Effects Pack
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BurnAware Free_is1" = BurnAware Free 3.5
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CCleaner" = CCleaner
"Encarta Encyclopedia 2000 Z" = Microsoft Encarta Encyclopedia 2000 World English
"Encarta Virtual Globe 2000 Z" = Microsoft Encarta Interactive World Atlas 2000
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC880 Guide" = ESC880 Guide
"ESP830 PSolver" = ESP830 Problem Solver
"FileCD" = NTI FileCD
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Recuva" = Recuva
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TravelMate 800 screensaver" = TravelMate 800 screensaver
"Unlocker" = Unlocker 1.9.1
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"XP Smoker Free Edition_is1" = XP Smoker Free Edition 6.0
"YTdetect" = Yahoo! Detect
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/05/2011 04:39:02 | Computer Name = ACER-5GI5Q0UBZJ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 18/05/2011 08:50:58 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: This operation returned because the timeout period expired.

Error - 18/05/2011 08:50:58 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: The specified server cannot perform the requested operation.

Error - 18/05/2011 08:50:58 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: The specified server cannot perform the requested operation.

Error - 18/05/2011 08:51:00 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: This operation returned because the timeout period expired.

Error - 18/05/2011 08:51:00 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: The specified server cannot perform the requested operation.

Error - 18/05/2011 08:51:00 | Computer Name = ACER-5GI5Q0UBZJ | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: The specified server cannot perform the requested operation.

Error - 18/05/2011 08:54:45 | Computer Name = ACER-5GI5Q0UBZJ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8
NIL, P9 NIL, P10 NIL.

Error - 04/06/2011 07:00:33 | Computer Name = ACER-5GI5Q0UBZJ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 14/06/2011 12:17:03 | Computer Name = ACER-5GI5Q0UBZJ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8
NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 29/11/2011 04:51:20 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7000
Description = The Soluto PCGenome Core Service service failed to start due to the
following error: %%1053

Error - 03/12/2011 03:48:03 | Computer Name = ACER-5GI5Q0UBZJ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 03/12/2011 04:24:42 | Computer Name = ACER-5GI5Q0UBZJ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'attrib' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 04/12/2011 06:47:05 | Computer Name = ACER-5GI5Q0UBZJ | Source = PSched | ID = 14103
Description = QoS [Adapter {49DA7465-B378-4C01-BBD8-4183DBEFF8D5}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 06/12/2011 02:21:17 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 06/12/2011 02:46:40 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 06/12/2011 02:46:40 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 06/12/2011 02:46:42 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7034
Description = The EPSON Printer Status Agent2 service terminated unexpectedly.
It has done this 1 time(s).

Error - 06/12/2011 02:46:42 | Computer Name = ACER-5GI5Q0UBZJ | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 06/12/2011 04:37:26 | Computer Name = ACER-5GI5Q0UBZJ | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
without first being prepared for removal.


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Your original OTL log showed signs of an infection which I had OTL remove. Might have been caused by an infected USB device of some kind.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Also you might want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.


Combofix also took out some files that it didn't like.

ACS is a Chinese ripoff of MBAM's database and thus not to be trusted. http://malwarebadmka...AM_v_IoBit.html

It's not as much work as you'd think. After the first couple of hundred logs you can scan down the page fairly quickly looking for things that don't look right. Speaking of which you have two files in the combofix log that claim to date from the dawn of computing. I know you said it was old but it can't be that old:

R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [01/01/1980 227887]
R3 mbxfilt;mbxfilt;c:\windows\system32\drivers\mbxfilt.sys [01/01/1980 5441]

At best these are damaged. At worst they are malware. Go to http://www.virustotal.com and submit each file and see what they say about it. If they don't say 0/43 (or so - the last number varies) then copy the whole report. Appear to be part of O2Micro MultiMediaBay Windows Driver Installer. Do you know what that is for?

c:\windows\system32\drivers\o2mmb.sys
c:\windows\system32\drivers\mbxfilt.sys

(You can copy the full path of the file and paste it into the window that opens when you hit Browse and hit Open and that should point it at the file. Then Submit it and wait until it tells you what it thinks.)

I found a site that tells you how to update them: http://www.pc-ap.fuj...nstallation.htm

I guess you have to go to
http://support.acer....ct/default.aspx
and put in your notebook info in order to get to the download page for the updated driver.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : the logs from Event Viewer are copied below.

A couple of points.....

1. When starting TDSSKiller, it wanted to update, but when I tried (several times) the mimic showing files being transferred just went on and on and on. There was no information in the window to indicate the size of the update file, nor any info. on transfer rate. So I terminated the update process and ran TDSSKiller in the version that I had from 2 days ago.

2. Every time I boot, I am getting a window saying that new hardware has been detected, and asking me to start the wizard. When I do, allowing connection to the net, it then says the new hardware is unknown. So I cancell the wizard, but still get warnings that my new hardware, whatever it is, may not work properly. Something seems queer!

3. I have no idea what is MultibayMedia Windows Driver Installer. I did update the files from the Acer site.

4. I ran sigverif. It found 3646 files, of which 2583 were signed and 57 unsigned. There were 1006 files that were not scanned. The log showed only the 57 unsigned files. I could not find a way to copy it, but looked at the dates and the file types. There were none that appeared to be driver files, and the most recent dates were in the year 2000, so I guess they have nothing to do with the current problems.

The EventViewer logs are...........

SYSTEM

Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/12/2011 11:23:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2011 18:37:39
Type: error Category: 0
Event: 14103 Source: PSched
QoS [Adapter {49DA7465-B378-4C01-BBD8-4183DBEFF8D5}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2011 20:55:39
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/12/2011 20:41:38
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

APPLICATION

Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/12/2011 11:24:43

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I hope that this second one is not a failed run.

I get the distinct impression that things are much improved - time will tell. Once again very many thanks for all your help and expertise.

Tom.
  • 0

#6
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : sorry - another brain malfunction! I forgot to tell you about the VirusTotal check of the two files. This getting old process is no fun at all.

o2mmb.sys -- 0/41 was the result, and

mbxfilt.sys -- 0/40 was the result.

I guess these must be ok?

Tom.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
This error:

Log: 'System' Date/Time: 08/12/2011 18:37:39
Type: error Category: 0
Event: 14103 Source: PSched
QoS [Adapter {49DA7465-B378-4C01-BBD8-4183DBEFF8D5}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

hopefully just means you need a newer driver for your network or wireless card. But you can live without QoS so if you want to you can turn it off:

START > My Computer > My Network Connections > View Network Connections, right-click on your connection and under Properties (where it lists your protocols), Find QOS Packet Scheduler and remove it.

This error:

Log: 'System' Date/Time: 08/12/2011 20:41:38
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


is usually something we see with a P2P program like limewire or uTorrent or the like but I do not see one running.

Close all programs except an IE browser and try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Might as well also run ESET
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Ron
  • 0

#8
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : interesting day! Some points....................

1. I removed the QOS file as you instructed, using Windows Add/Remove programmes.

2. In reference to your second point, I did have Frostwire until recently, but I had only tried it a couple of times, so when these problems started I removed it using Add/Remove programmes. But since your reply I did a search and found some files, as below.

.frostwire5 file folder 04/12/2011 (date modified)
frostwire.props 1KB PROPS file 04/12/2011
static.frostwire.com file folder 28/08/2011
frostwire-5.2.11.windows 10338.. Application 04/12/2911
frostwire-5.2.11.windows.exe.tor.. 7 KB Torrent file 04/12/2011

I do not know if these files are the cause of the second error, nor do I understand why they were not removed. The one dated 28/08/2011 is a real mystery as it predates anything I did with Frostwire.

Should I delete these?

3. The BitDefender Quickscan log is here....


QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Sat Dec 10 11:58:18 2011
Machine ID: 5004F178



No infection found.
-------------------



Processes
---------
Agere SoftModem Messaging Applet 2132 C:\WINDOWS\AGRSMMSG.exe
almxptray.exe 652 C:\Program Files\Acer\Notebook Manager\almxptray.exe
ATI Desktop Component 2756 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ati2evxx.exe 744 C:\WINDOWS\system32\ati2evxx.exe
avast! Antivirus 1984 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
Billy The Goat 3144 C:\Program Files\Autorun Eater\billy.exe
Dritek System Inc. Launch Manager 01.10 2868 C:\Program Files\Launch Manager\QtZgAcer.EXE
EPSON Bidirectional Printer 980 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Java™ Platform SE 6 U29 1012 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 2916 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 692 C:\WINDOWS\system32\spoolsv.exe
Old McDonald 2952 C:\Program Files\Autorun Eater\oldmcdonald.exe
Progressive Touch 2168 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Progressive Touch 968 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Rapport 1436 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
Rapport 3308 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
Realtek Sound Manager 732 C:\WINDOWS\SOUNDMAN.EXE
UnlockerAssistant.exe 2392 C:\Program Files\Unlocker\UnlockerAssistant.exe
Windows Defender 1376 C:\Program Files\Windows Defender\MsMpEng.exe
(verified) Microsoft® Windows® Operating System 1588 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3552 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 1008 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 2992 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1844 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1504 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1324 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1248 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1632 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3348 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2152 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1216 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2576 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process AvastSvc.exe (1984) connected on port 80 (HTTP) --> 69.171.229.16
Process AvastSvc.exe (1984) connected on port 80 (HTTP) --> 74.125.236.47

Process svchost.exe (1324) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Acer Launch Tool C:\WINDOWS\Alaunch.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Agere SoftModem Messaging Applet C:\WINDOWS\AGRSMMSG.exe
almxptray.exe C:\Program Files\Acer\Notebook Manager\almxptray.exe
ATI 2D Component C:\WINDOWS\system32\Ati2mdxx.exe
ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Dritek System Inc. Launch Manager 01.10 C:\Program Files\Launch Manager\QtZgAcer.EXE
EPSON Status Monitor 3 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\ssmypics.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Old McDonald C:\Program Files\Autorun Eater\oldmcdonald.exe
Progressive Touch C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Progressive Touch C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Realtek Sound Manager C:\WINDOWS\SOUNDMAN.EXE
UnlockerAssistant.exe C:\Program Files\Unlocker\UnlockerAssistant.exe
Windows Defender C:\Program Files\Windows Defender\MpCmdRun.exe
Windows Defender C:\Program Files\Windows Defender\MpShHook.dll
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
avast! WebRep c:\program files\alwil software\avast5\aswwebrepie.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
Seiko Epson Corporation Internet Printi C:\Program Files\Internet Explorer\plugins\NPIPRT32.DLL
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
(verified) Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
(verified) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: 65529f1dc10559844df306ff279d01fb C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{73706C3E-DAD6-4423-95B3-7A250851F9F5}\mpengine.dll
MD5: 163db46b803e4c83c444a026ff17d269 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{73706C3E-DAD6-4423-95B3-7A250851F9F5}\offreg.dll
MD5: 2fccc769cdba34c6ab6183aa4d2f7519 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
MD5: dd3e4610de9252a957c5bd19bdf47ac4 c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
MD5: 634fec958af7145764548757e5f99089 C:\Program Files\Acer\Notebook Manager\almxptray.exe
MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: ffaa62e671f4604f729063640befd039 C:\Program Files\Alwil Software\Avast5\1033\Base.dll
MD5: 9e9898d12608f8fbbd3ab3b9cde010c6 C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
MD5: b0e0b1b2f651e3c3917d4bec88be57f4 C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
MD5: 082901e36e49bdd5ebe1aceaccfcabae C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
MD5: 7748d2c035541cc6119cbd0676065555 C:\Program Files\Alwil Software\Avast5\AhResJs.dll
MD5: e656b9bb3650fdc261110b5791e15ac9 C:\Program Files\Alwil Software\Avast5\AhResMai.dll
MD5: 9f91b0d0f39c087de9b0eadde33f49ec C:\Program Files\Alwil Software\Avast5\AhResMes.dll
MD5: 5b63496b23e9d1eabc75947fe51aaa00 C:\Program Files\Alwil Software\Avast5\AhResNS.dll
MD5: ea1cfd8098399e7ffebc5014c130729b C:\Program Files\Alwil Software\Avast5\AhResP2P.dll
MD5: 3a5e076cbff22e52e5bc29222437e6f2 C:\Program Files\Alwil Software\Avast5\AhResStd.dll
MD5: 852369f350aa2563938ab02f0eb8b431 C:\Program Files\Alwil Software\Avast5\AhResWS.dll
MD5: ca4ddb5cb61b905a4407c5fb76527437 C:\Program Files\Alwil Software\Avast5\ashBase.dll
MD5: 12ccfcb4bfb998647439adc8dd58a8c1 C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
MD5: 64a9cfa6d98ee34c75e984acc16ce96e C:\Program Files\Alwil Software\Avast5\ashServ.dll
MD5: 7a4a6056b53f36db50bcb8a334bad2b6 C:\Program Files\Alwil Software\Avast5\ashShell.dll
MD5: b821ced9f11f12f5dff8e983fc32aea2 C:\Program Files\Alwil Software\Avast5\ashTask.dll
MD5: bef4f20a11c0fe612d2d521a502cca52 C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
MD5: cd8e2ba308973659b224631349a2f039 C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
MD5: db542d64f17ce2a804581ad6ae207db6 C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll
MD5: 1d352baff5a4b2e5e163bb6e652daf49 C:\Program Files\Alwil Software\Avast5\aswAux.dll
MD5: 5a996ce86bda5ff1b628b21b9871287a C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
MD5: 85e7f7d95de30a2008c75726cfc3ad61 C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
MD5: 928f0fc896d10b099588a1d5aa46b1bf C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
MD5: 58bc0980941cb7ad218345adf24261d4 C:\Program Files\Alwil Software\Avast5\aswDld.dll
MD5: 09cb9ae8bbc2512d9818987e721abe32 C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
MD5: c3f2f11d2db6436b638ffb3befe97009 C:\Program Files\Alwil Software\Avast5\aswIdle.dll
MD5: 6e659799d1b14096c4da0717a9ab86a8 C:\Program Files\Alwil Software\Avast5\aswJsFlt.dll
MD5: 4f91c0b574919537defdb406ffd94430 C:\Program Files\Alwil Software\Avast5\aswLog.dll
MD5: aee62a34b70cbea34ebe384d529312cb C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MD5: 388d8dd599c04577edff52e79c451bd7 C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
MD5: 09f2f57c119fad90fc4bbd42e716b351 C:\Program Files\Alwil Software\Avast5\aswStrm.dll
MD5: 328bc79bc53ba7a284c818dde88945d7 c:\program files\alwil software\avast5\aswwebrepie.dll
MD5: 996e6d052438e8d8dfd501f31560b2e0 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
MD5: 3e38c5a0c134b1b7e51403cd19d8d52a C:\Program Files\Alwil Software\Avast5\defs\11120801\algo.dll
MD5: 2e05fc15a3660e073e3ae560042540fd C:\Program Files\Alwil Software\Avast5\defs\11120801\arPot.dll
MD5: 298857f6cbabfd7913da9574bb95122e C:\Program Files\Alwil Software\Avast5\defs\11120801\aswCmnBS.dll
MD5: ac00071afd110319094118df7f0734c6 C:\Program Files\Alwil Software\Avast5\defs\11120801\aswCmnIS.dll
MD5: e65f35e6820cf0ff6107c3818f779e05 C:\Program Files\Alwil Software\Avast5\defs\11120801\aswCmnOS.dll
MD5: 45e26cbd25aa3d5d936fd3f96c767191 C:\Program Files\Alwil Software\Avast5\defs\11120801\aswEngin.dll
MD5: 47700103184884bcad6069500e768c21 C:\Program Files\Alwil Software\Avast5\defs\11120801\aswFiDb.dll
MD5: 1c9f1f1039b64327fa18becbb443cf67 C:\Program Files\Alwil Software\Avast5\defs\11120801\aswRep.dll
MD5: 4599081cfa6360d05eb8299fdf1cf2f3 C:\Program Files\Alwil Software\Avast5\defs\11120801\aswScan.dll
MD5: ea5abee342925aa2c959e07fe6a95d5c C:\Program Files\Alwil Software\Avast5\snxhk.dll
MD5: 9f04c408e39b5a378b74d30eb16c968b C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll
MD5: b320608941ef15d28c2785f3977129f7 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MD5: dcf2d2e8cd5bf70626d7e58b096f9895 C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU
MD5: c5f6eca94ad8cfd054f6d14f14972026 C:\Program Files\Autorun Eater\billy.exe
MD5: 175fb9a3eb526fcf2cb60cbc3132a8e5 C:\Program Files\Autorun Eater\oldmcdonald.exe
MD5: 6397ea2e883422f04527da68a6941f26 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: 8c4ac22616e77925135c221c46dc6307 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
MD5: 47c1de0a890613ffcff1d67648eedf90 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 53cf52bccf5c5e3cc6e62224d27bf701 C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL
MD5: a7661800aec543b2e2d08aed61835359 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
MD5: 6e3245df783e58375b3465f03274743e C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: 45d7f2fabdfd500e3c35dc068b552544 C:\Program Files\Google\Picasa3\npPicasa3.dll
MD5: 8eb0a2a9040cf4b66690fc80ca355902 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 2c180a229601e45f523be5e7139aeef7 C:\Program Files\Internet Explorer\plugins\NPIPRT32.DLL
MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 1115eea4ae0da72e416b210adba424a2 C:\Program Files\internet explorer\xpshims.dll
MD5: dc365b6e595683f67bc21a203432e336 C:\Program Files\Java\jre6\bin\jp2ssv.dll
MD5: 381b25dc8e958d905b33130d500bbf29 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: 1e96525ae85d402f9f8047f8caef5f06 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: e3a7850421a4ab8b15fc174eb587bc6b C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: 7fa2392ab2ba674800ccdb0b18b64bb8 C:\Program Files\Launch Manager\CDRomUtl.dll
MD5: 50bd1abeb6f17ee70b2b630f400cd155 C:\Program Files\Launch Manager\ComFnUtl.dll
MD5: 83d14f5fdb2366e93364a22dfe3e8c37 C:\Program Files\Launch Manager\DialCnt.Dll
MD5: d717e8730a066862aeec825ea98c4ecf C:\Program Files\Launch Manager\LgKCUtl.dll
MD5: 8e3122a02c3981a9681c814e2ae102f1 C:\Program Files\Launch Manager\MixerUtl.dll
MD5: 459bfc011435665436edf936c80a6f3e C:\Program Files\Launch Manager\OSDUtl.dll
MD5: 99cd21b43de4edc46912a54383afed0f C:\Program Files\Launch Manager\PowerUtl.dll
MD5: a9e9c3c2fcbc7750e9f3a8e48124a134 C:\Program Files\Launch Manager\QtZgAcer.EXE
MD5: 5a1822b18fee8807eb7eb33ba8cf9b0f C:\Program Files\Launch Manager\RgnMaker.dll
MD5: 35eafa4f987a2b05f110c54173836066 C:\Program Files\Launch Manager\SzUPFUtl.dll
MD5: c9a8f1d76f468eb1c6e05949f5485b0d C:\Program Files\Launch Manager\Wnd2File.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: 5bc65464354a9fd3beaa28e18839734a C:\Program Files\Microsoft Office\Office10\OSA.EXE
MD5: 2529850066879ec192eaebb2e297137c C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: ed9a9d89a8844d3ee74b6ccc4f361013 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MD5: 35a6b0cb691136682bee2f63b69fc4fe C:\Program Files\Trusteer\Rapport\bin\ATL80.DLL
MD5: 6c75f90f00d6913660b5e8d3751faef7 C:\Program Files\Trusteer\Rapport\bin\MSVCP80.dll
MD5: c609f0fb2b82e643091c16c62961bb01 c:\program files\trusteer\rapport\bin\MSVCR80.dll
MD5: 5074fe56c70b31909c6b3129280c4cf2 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
MD5: aecd2a1998fb8e6e2e8304702148a967 C:\Program Files\Trusteer\Rapport\bin\RapportKoan.dll
MD5: c7d3492630472dc0546715dd4157b6c2 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
MD5: 1205f9ccc78d152a5cc509f5ee32800d C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
MD5: a2272146346be995e8956e139c5e6fa1 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
MD5: a5e638419da5f92f574bdf0cc9bcbc8b C:\Program Files\Trusteer\Rapport\bin\RapportUtil.dll
MD5: 42a30ad650abe3c20b498594ff2c4c17 c:\program files\trusteer\rapport\bin\rooksbas.dll
MD5: 58f6adae5e04a178349dc76124269da2 c:\program files\trusteer\rapport\bin\rookscom.dll
MD5: 27d71b9e1d2bf57a66e3e3364f794214 c:\program files\trusteer\rapport\bin\rooksdol.dll
MD5: 255e405d801cf01247390f38f92d8042 C:\Program Files\Unlocker\UnlockerAssistant.exe
MD5: abbee3e367f6e6ed415d33c78121ffa9 C:\Program Files\Unlocker\UnlockerHook.dll
MD5: 6f44dd636c791b70ade78fe974be0a1d C:\Program Files\Windows Defender\MpClient.dll
MD5: 08ad1cd68d68711c75c15bf42a11892b C:\Program Files\Windows Defender\MpCmdRun.exe
MD5: 889bec77bca63cdcdd50f591dcd63cdb C:\Program Files\Windows Defender\MpOAv.dll
MD5: 84c07d29912726032a583aea2ff29b7d C:\Program Files\Windows Defender\mprtplug.dll
MD5: f9d82b82f1b7c0b2d2606a987073f58c C:\Program Files\Windows Defender\MpShHook.dll
MD5: 64898bea32c12badda4218be88dbd595 C:\Program Files\Windows Defender\MpSvc.dll
MD5: f45dd1e1365d857dd08bc23563370d0e C:\Program Files\Windows Defender\MsMpEng.exe
MD5: d4977e5b6b3bf4daa1f35d6ee44da80f C:\WINDOWS\AGRSMMSG.exe
MD5: a8e4290682042790fa7f9e071ec2f0e4 C:\WINDOWS\Alaunch.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 77e6673a112c98f99ef44776f4de2e4d C:\WINDOWS\AppPatch\AcLayers.DLL
MD5: 1fa2274532e71bc48bbcc0046a5d4c4a C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f9bfdff7e19127ca836338f4c9236d79 C:\WINDOWS\SOUNDMAN.EXE
MD5: 1e39315954949a2a31fa45c08be85499 C:\WINDOWS\system32\ati2evxx.exe
MD5: fae95d6d7651b5629c4e19adbc9a3863 C:\WINDOWS\system32\Ati2mdxx.exe
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 1f056a9dc1e5941b064907a1869ee230 C:\WINDOWS\system32\drivers\acernbm.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: ed5c8b22de2021339a7c7fccfe5c5d7e C:\WINDOWS\System32\DRIVERS\AGRSM.sys
MD5: e3e7c0f401e7024e8dc0dbe3ce7dcd59 C:\WINDOWS\system32\drivers\ALCXWDM.SYS
MD5: 6361d85faf2442bbee2c25ada6cb8512 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
MD5: ba03a18635d4b0830c9262cd80d4026b C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
MD5: 96a48bda68bf734aae79f910ab884a34 C:\WINDOWS\System32\Drivers\DKbFltr.sys
MD5: 05271ae7fcf0014dcc6591f145ac2fb0 C:\WINDOWS\System32\DRIVERS\Expsab2.sys
MD5: aca5e7b54409f9cb5eed97ed0c81120e C:\WINDOWS\System32\DRIVERS\irda.sys
MD5: 8e82c593b4c46b8a12fe36cba1f1eea9 C:\WINDOWS\system32\drivers\MbxFilt.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\System32\DRIVERS\ndistapi.sys
MD5: 2adc0ca9945c65284b3d19bc18765974 C:\WINDOWS\System32\DRIVERS\nscirda.sys
MD5: 3c25d8a23c366fbe1511b4a250a1a2ad C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
MD5: 765255876a4b5b2dc3e10a846aa9269a C:\WINDOWS\system32\drivers\o2mmb.sys
MD5: 7f8d43fd4159b16ebfd65e13ee34677f C:\WINDOWS\System32\DRIVERS\ozscr.sys
MD5: d6c7c196ad59375e9dde68d70db6e7a1 C:\WINDOWS\System32\Drivers\RapportKELL.sys
MD5: b002949486a5186471803e4ddfa42502 C:\WINDOWS\system32\drivers\SAFDSKNT.SYS
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: decaf721585f9db53d60d70fd064b6bb C:\WINDOWS\system32\DRIVERS\SynTP.sys
MD5: 677ad85e3058c821f5a73cdf7e5b5478 C:\WINDOWS\System32\DRIVERS\w70n51.sys
MD5: 9bc6dd6633c08173b5cb0244c23dea5b C:\WINDOWS\system32\E_SL2300.DLL
MD5: b40da4318b477b07d635565e3014513d C:\WINDOWS\system32\EBAPI2.DLL
MD5: 57adbb78264350f6a236daa1297e01a1 C:\WINDOWS\system32\EBPMON2.DLL
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 0217cd51d55ca3e693a682664d3de2bf C:\WINDOWS\system32\IEFRAME.dll
MD5: aaf56985933f7d3e953e1b994d22e4f4 C:\WINDOWS\system32\iepeers.dll
MD5: 7cfdeb1560eacad6006d653ec55d12d0 C:\WINDOWS\system32\iertutil.dll
MD5: 49cc4533ce897cb2e93c1e84a818fde5 c:\windows\system32\irmon.dll
MD5: 77ae096874bb2d5d551d2ba7f7a5e2df C:\WINDOWS\system32\javacypt.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: 4963cb503600fc3bcbdbfba51fba1fac C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 65e6742fe0dd8319b1acf820caf63044 C:\WINDOWS\system32\msjava.dll
MD5: c7e39ea41233e9f5b86c8da3a9f1e4a8 C:\WINDOWS\system32\mspmsnsv.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\oleaut32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 63ae668f783df28772d200f41cb40873 C:\WINDOWS\System32\scrobj.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: c896f6270ec20a60799298b423d5f58b C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\shell32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: e3d3f7768ee486fe30c871ba0f04f0db C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 5e453cb99df0838226defc05f3484cdf C:\WINDOWS\System32\ssmypics.scr
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\System32\sti.dll
MD5: 50d837798f64e99bbfadb29fdf595d78 C:\WINDOWS\system32\SynTPAPI.dll
MD5: 920299374a2a17e40d161f52bbea34f8 C:\WINDOWS\system32\SynTPFcs.dll
MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: b62bb2be4227edbb1091cc7c7076fd30 C:\WINDOWS\system32\VMHELPER.DLL
MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 52778fce46e510b60f513b8882a65cd6 C:\WINDOWS\System32\wshirda.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 1b3b381e1aab46f7b321a46150d890cb C:\WINDOWS\system32\xpsp3res.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 7 sec
Total traffic - 0.01 MB sent, 0.70 KB recvd
Scanned 594 files and modules - 89 seconds

==============================================================================

5. The ESET AV scan was really slow, but it has found some threats.........

C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP329\A0103320.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP329\A0103324.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106628.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106637.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106642.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106648.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

and the logfile is here........

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5eb3306e2d5ef1468deed44f3cf4a7e0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-10 07:59:04
# local_time=2011-12-10 02:59:04 (+0700, SE Asia Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 43439855 43439855 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=122531
# found=6
# cleaned=6
# scan_time=9091
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP329\A0103320.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP329\A0103324.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106628.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106637.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106642.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP330\A0106648.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


I feel that I have seen reference somewhere to a virus called Babylon - I will look it up.

One further point: since our last exchange, I had to download and install Adobe Reader as I neede urgently some papers from my bank in the UK (I am living in Thailand.) But the scans etc referenced above included the Adobe software.

Once again I pass my profuse thanks for all your help!

Tom.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Go ahead and delete the frostwire files.

Files in C:\System Volume Information\ are System Restore points and not active. We can clear the old restore points:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.


Bitdefender only sees a connection to Google and to facebook. I'm not sure what was causing the "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts" error.

Nothing wrong with adobe reader as long as it is a current version. Yours was obsolete and subject to vulnerabilities. I do recommend:
Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. This makes it a bit safer to use.

Clear the events as before,

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

and run Vino's
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

(the System log is enough) and copy and paste the log.
  • 0

#10
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : everthing done as instructed. I ran the Vino with 20 events setting, report below. But I did run it again with dates from 09 Dec to today - the log was exactly the same.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 15:09:09

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hope this was ok.

Profuse thanks once again,

Tom.
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
That's what we want - no errors. If it is running OK then we are done.


We need to clean up System Restore (if we haven't already).

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#12
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : Most stuff done, but I have put to one side for the moment the router fixes - I will do them later (it is a wireless router supplied by the Thai telecoms company and I need some help with Thai script!)

The Found New Hardware Wizard pops up at every boot. Also little messages from the Taskbar. Can you assist in preventing this please. If not, no worries - it si just an annoyance and maybe I will eventually find a way to fix it myself.

Very many thanks once again.

Tom.
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
(Start) Right click on My Computer and select Manage then Device Manager. Click on View then Show Hidden Devices. Look in the right pane for entries with yellow or red marks. Right click on them and select Properties then look under Details. Click on the down arrow and select Device Instance ID. Copy down the information it gives you.

Also tell me the Make and model of this PC.
  • 0

#14
DocTom

DocTom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ron : there was only one item showing in yellow (no reds).


The yellow item had the following detail......

ROOT\LEGACY_SASUTIL\0000

The computer is an Acer TravelMate 800LCi, with Windows XP Professional 32 bit SP3.

I did in fact stop the New Hardware Wizard window from poping up by letting it run a bit longer, then a button appeared which allowed me to "not show this window again". But it seems that you have found some false record of hardware?

Two further queries - I don't want to jeapordise all the great work by doing something silly.

1) Now that I do not have IoBit ASC, should I try to find a free Registry Cleaner to run occasionally?

2) And the HippoUpdater wants to download a new version of Windows Media Player - some 25MB. I had previously thought to uninstall WMP, and get the free KMPlayer instead - is this software ok as far as you know (not on a bad list like ASC)?

Thanks again to you.

Tom.
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
You should be able to right click on the yellow marked device and uninstall. It is nothing but a remnant of SuperAntiSpyware.

Actually we advise everyone NOT to use registry cleaners. They cause more troubles than they are worth.

You can uninstall WMP if you want to rather than upgrade or just keep it as it is and tell filehippo to ignore updates. If you won't be opening files with it then it doesn't matter. I don't know anything about KMPlayer other than what I read on the net. I see cnet.com says it is pretty good. I use VLC myself. http://www.videolan.org/vlc/ It seems to open just about everything in the video world.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP