Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Zbot [Solved]


  • This topic is locked This topic is locked

#1
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Member
  • PipPip
  • 58 posts
Hi everyone

I believe that I was infected with Zbot via a hacked twitter account. I have a paid for version of Eset which did not detect the infection. I downloaded Malware Bytes and that found 2 Zbot infections and these have been deleted. My laptop is still running slow and keeps crashing with the BSoD. I have since run Sophos and that found nothing but the crashing still happens. I would appreciate any advice on what to do next.

I have run Hijackthis and the log is below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:11:57, on 22/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\3\3Connect\BecHelperService.exe
C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files\BUFFALO\Backup_Utility\BUVSSServiceXP.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\richard\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Evoluent\VMouse\EvoMouExec.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\richard\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\richard\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Backup Utility TaskTray Tool] "C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\richard\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Evoluent Mouse Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc....kup/qdiagcc.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3\3Connect\BecHelperService.exe
O23 - Service: Backup Utility Service (BFBackupUtilityService) - BUFFALO INC. - C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
O23 - Service: Backup Utility VSS Service for Windows XP (BFBackupUtilityVSSService) - BUFFALO INC. - C:\Program Files\BUFFALO\Backup_Utility\BUVSSServiceXP.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12694 bytes

Edited by SweetTech, 22 May 2012 - 01:14 AM.
moved from XP forum to Malware forum.-ST.

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello SamSpadeSleuth and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
maliprog

Thank you for your time in helping me with this problem. I have completed the requested action and the results are below.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-22 16:45:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SBDO
Running: jt0imope.exe; Driver: C:\DOCUME~1\richard\LOCALS~1\Temp\kgldapoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA4CFC086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA4CFCBE4]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThread [0xA51DE5E0]
SSDT 889E5200 ZwDebugActiveProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA4CFCDDC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xA4D005B2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xA4D005E4]
SSDT 889E52F0 ZwDuplicateObject
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xA4D00746]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA4CFCCFC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xA4CFC1FC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xA4CFC3F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xA4CFC522]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xA4D006BC]
SSDT 889E50E0 ZwQueueApcThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xA4D00626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xA4D00658]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xA4D0068A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xA4CFC02C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xA4CFCE82]
SSDT 889E4D90 ZwSetInformationThread
SSDT 889E1DA0 ZwSetSecurityObject
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xA4D0054A]
SSDT 889E4B90 ZwSuspendProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xA4CFBFC6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xA4CFBEEE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xA4CFBF36]
SSDT 889E56D0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[488] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1372] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1372] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1372] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2732] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00444AD0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2732] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2732] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2732] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3348] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3348] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3348] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3348] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 719F0022
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] ntdll.dll!_CIpow + 42B 7C90E44B 5 Bytes JMP 00B49270 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] ntdll.dll!KiUserApcDispatcher + 5 7C90E455 2 Bytes [EB, F4] {JMP 0xfffffffffffffff6}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01BEC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A90001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01E1E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 01E1E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!DispatchMessageW 7E418A01 6 Bytes PUSH 716D0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 715A0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 71650022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!GetWindowRect 7E4290B4 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7196000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7192000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71690022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3620] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 01E1E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Ntfs \Ntfs psdfilter.sys (PSD Filter Driver/HiTRUST)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST)

---- EOF - GMER 1.0.15 ----
  • 0

#4
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
maliprog

here is the Extras.Txt file

OTL Extras logfile created on: 22/05/2012 09:56:27 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\richard\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.91% Memory free
4.32 Gb Paging File | 3.33 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.19 Gb Total Space | 16.99 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 53.64 Gb Free Space | 99.89% Space Free | Partition Type: FAT32

Computer Name: PROMAN | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"1072:TCP" = 1072:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\richard\My Documents\Downloads\FLVPlayerSetup.exe" = C:\Documents and Settings\richard\My Documents\Downloads\FLVPlayerSetup.exe:*:Enabled:InstallCore™
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Plusnet Assist\btbb\PlusnetHelpBrowser.exe" = C:\Program Files\Plusnet Assist\btbb\PlusnetHelpBrowser.exe:*:Enabled:Plusnet Assist
"C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe" = C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe:*:Enabled:Plusnet Assist Notifier


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A1CAF84-CDC8-477F-997F-800AB090EA46}" = Serif Premium Template Pack 1 for WebPlus
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{55485AA6-B3C8-4FEF-9A1E-09B7DE3DB589}" = Serif WebPlus X4 Bonus Content Pack
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65EB09A3-993B-401E-8936-C9708CBFAB26}" = FinePixViewer YTUPL
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DFD3DDA-6127-413a-83E7-5E03F17F2275}" = PS420
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0765939-76F5-48D8-82B1-8D0BBFAD0702}" = Serif PhotoPlus Starter Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BB5C793D-C140-4A69-B3C2-2EE11747B4E9}" = Serif Premium Content Collection for WebPlus
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C93D1FA3-F6A7-4D66-9E3C-ADBB19D9C65D}" = Serif Premium Template Pack 2 for WebPlus
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D4FE08FD-C342-4A50-AE8B-3E9236DC20ED}" = Evoluent Mouse Manager
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"Huawei Modems" = Huawei modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4086
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Kobeman_is1" = Alleycode HTML Editor 2.2.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel® PROSet/Wireless Software
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer Basic
"Recuva" = Recuva
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Speccy" = Speccy
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UN091222" = BUFFALO Backup Utility
"ViewpointMediaPlayer" = Viewpoint Media Player
"Viper" = Viper 3.0.04
"VLC media player" = VLC media player 1.1.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZTE USB Driver" = ZTE USB Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/05/2012 08:26:06 | Computer Name = PROMAN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 21/05/2012 08:35:41 | Computer Name = PROMAN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 21/05/2012 12:41:54 | Computer Name = PROMAN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 21/05/2012 14:02:45 | Computer Name = PROMAN | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.80, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/05/2012 14:07:57 | Computer Name = PROMAN | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 21/05/2012 16:52:40 | Computer Name = PROMAN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 22/05/2012 00:21:20 | Computer Name = PROMAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 22/05/2012 00:21:20 | Computer Name = PROMAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 22/05/2012 03:45:05 | Computer Name = PROMAN | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 14.0.6117.5001, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/05/2012 04:20:43 | Computer Name = PROMAN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 21/05/2012 12:41:59 | Computer Name = PROMAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.5 for the Network Card with network
address 0019D2C63553 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 21/05/2012 12:45:29 | Computer Name = PROMAN | Source = System Error | ID = 1003
Description = Error code 00008086, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 21/05/2012 16:53:24 | Computer Name = PROMAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 21/05/2012 16:53:24 | Computer Name = PROMAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 21/05/2012 16:53:24 | Computer Name = PROMAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 21/05/2012 16:53:24 | Computer Name = PROMAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 21/05/2012 16:53:25 | Computer Name = PROMAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 21/05/2012 16:53:25 | Computer Name = PROMAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 21/05/2012 16:55:25 | Computer Name = PROMAN | Source = System Error | ID = 1003
Description = Error code 00008086, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 22/05/2012 03:56:20 | Computer Name = PROMAN | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >
  • 0

#5
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
maliprog

and finally the OTL.Txt log

OTL logfile created on: 22/05/2012 09:56:26 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\richard\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.91% Memory free
4.32 Gb Paging File | 3.33 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.19 Gb Total Space | 16.99 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 53.64 Gb Free Space | 99.89% Space Free | Partition Type: FAT32

Computer Name: PROMAN | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/22 09:54:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\richard\My Documents\Downloads\OTL.scr
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\richard\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/17 01:23:42 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/12/10 11:25:36 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/02/01 07:45:55 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\richard\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/10/07 01:54:07 | 000,225,280 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Backup_Utility\BUVSSServiceXp.exe
PRC - [2010/10/07 01:54:05 | 001,822,720 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
PRC - [2010/10/07 01:54:03 | 000,315,392 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
PRC - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3\3Connect\BecHelperService.exe
PRC - [2009/02/06 15:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 15:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/06/14 21:40:04 | 000,850,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/05/24 13:18:06 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/03/30 13:52:24 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/03/21 21:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 21:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/08 11:49:34 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2007/03/01 19:21:52 | 000,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/17 21:32:16 | 000,143,360 | ---- | M] (Evoluent) -- C:\Program Files\Evoluent\VMouse\EvoMouExec.exe
PRC - [2006/06/01 15:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/11 07:58:20 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\f00a45464b25cfc9c5c5e8fb5f4c65b8\Inkjet.Automation.ni.dll
MOD - [2012/05/11 07:58:14 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\aa9e5b16e62fd9074582fac9b222ccad\Inkjet.DeviceSettings.ni.dll
MOD - [2012/05/11 07:57:54 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 07:57:44 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\a867deed9e531e58a95d0e22c8c3b382\Inkjet.Localization.ni.dll
MOD - [2012/05/11 07:57:44 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\549e9236099ca3eac9c3f10099019459\Inkjet.Diagnostics.ni.dll
MOD - [2012/05/11 07:57:42 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\528120d87a5bbe3d0709d97017fb3217\Inkjet.Utilities.ni.dll
MOD - [2012/05/11 07:57:39 | 000,824,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\dacff62b95a3c6a4c4792e7743787777\Inkjet.Hardware.ni.dll
MOD - [2012/05/11 07:57:39 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\8a113d17ac02d8e4285ea1db21a3f286\Inkjet.Configuration.ni.dll
MOD - [2012/05/11 07:57:38 | 000,180,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\683ccae865dd1941a8ec53c781a01bdc\Inkjet.Statistics.ni.dll
MOD - [2012/05/11 07:57:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 23:44:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 23:44:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/05/10 23:43:56 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/10 23:42:00 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 23:41:42 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/10 23:40:59 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/05/10 23:40:58 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/05/10 23:40:58 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/05/10 23:40:52 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/05/04 07:17:12 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/11 16:13:11 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d0954948\system.drawing.dll
MOD - [2012/04/11 16:13:05 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5cb2673c\system.windows.forms.dll
MOD - [2012/04/11 16:12:50 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/03/28 08:18:39 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_6c825ce.dll
MOD - [2012/01/02 04:01:49 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_922cb585\mscorlib.dll
MOD - [2012/01/02 04:01:37 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_432ecd3f\system.xml.dll
MOD - [2012/01/02 04:01:22 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b1889730\system.dll
MOD - [2012/01/02 04:01:14 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/02 04:01:13 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/02 04:01:12 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011/08/07 21:25:21 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3\3Connect\BecHelperService.exe
MOD - [2007/07/12 23:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/06/16 04:05:20 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/06/16 04:05:20 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/06/16 04:05:20 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/06/16 04:05:20 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2007/06/14 21:40:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
MOD - [2007/05/24 13:18:06 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2007/04/27 18:12:02 | 001,368,064 | ---- | M] () -- c:\Acer\Empowering Technology\eNet\eNet.dll
MOD - [2007/04/06 02:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2007/03/29 12:29:34 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2007/02/21 12:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/03/16 13:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006/01/12 10:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005/10/20 18:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 14:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/04 07:17:13 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/28 08:18:39 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/07 01:54:07 | 000,225,280 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Backup_Utility\BUVSSServiceXp.exe -- (BFBackupUtilityVSSService)
SRV - [2010/10/07 01:54:03 | 000,315,392 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Backup_Utility\BUService.exe -- (BFBackupUtilityService)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/02/06 15:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 15:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/03/21 21:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/01 19:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2005/11/02 15:32:02 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Unknown] -- C:\Program Files\WinPCap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\npf.sys -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1D6.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/17 01:23:58 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/04/17 01:23:58 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/04/17 01:23:58 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 17:53:08 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/08/07 21:25:21 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/02/28 14:17:06 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/28 13:34:32 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/21 15:02:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/07/21 15:02:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/07/21 15:02:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/21 10:15:42 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/27 15:00:54 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/02/06 15:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 15:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 15:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 15:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 15:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/14 09:00:15 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/07/16 22:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/05/31 04:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/29 12:27:42 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/03/29 12:27:40 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2007/03/29 12:27:40 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/02/25 07:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/02/22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/12/22 19:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 19:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 19:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/12/12 00:32:20 | 000,012,288 | ---- | M] (Evoluent) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evomouflt.sys -- (evomouflt)
DRV - [2005/04/07 19:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/07/19 14:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{C75C5CBF-E2CA-40F0-B1EA-D4A034FA7C69}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 07:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 16:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/03/12 22:42:39 | 000,000,000 | ---D | M]

[2011/07/18 08:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richard\Application Data\Mozilla\Extensions
[2011/07/18 08:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richard\Application Data\Mozilla\Extensions\[email protected]
[2012/05/17 00:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\wq29r0lb.default\extensions
[2010/09/08 23:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\wq29r0lb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 09:51:14 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\wq29r0lb.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2012/05/16 23:25:51 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\wq29r0lb.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/01/03 00:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/17 00:49:27 | 001,335,949 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WQ29R0LB.DEFAULT\EXTENSIONS\[email protected]
[2011/06/13 10:59:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/04 07:17:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/28 23:17:46 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/12/28 23:17:33 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/06/13 10:59:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/04 07:17:09 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/04 07:17:09 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 07:17:09 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/04 07:17:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 07:17:09 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/12/30 01:59:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Backup Utility TaskTray Tool] C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe (BUFFALO INC.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\richard\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk = C:\WINDOWS\Installer\{D4FE08FD-C342-4A50-AE8B-3E9236DC20ED}\_3490A01862136E4A51872C.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc....kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C984BF1-7106-4DC0-80D1-B898EB0A775B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\Shell - "" = AutoRun
O33 - MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 08:45:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\richard\Recent
[2012/05/22 05:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\hijackthis
[2012/05/22 04:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Start Menu\Programs\HiJackThis
[2012/05/21 22:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/05/21 22:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Start Menu\Programs\Sophos
[2012/05/21 22:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ESET
[2012/05/21 15:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Application Data\Malwarebytes
[2012/05/21 15:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/21 15:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/21 15:50:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/21 15:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/21 06:59:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/05/18 15:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\pictures of steele
[2012/05/12 21:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\Steele builderdispute
[2012/05/12 21:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\dpa
[2012/05/12 21:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\Steele ciob twitter
[2012/05/12 21:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\Steele twitter Mr Survey
[2012/05/12 21:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\My Documents\Steele dampproofingblog.com
[2012/05/04 07:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/04 07:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\richard\My Documents\*.tmp files -> C:\Documents and Settings\richard\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/22 09:55:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/22 09:27:58 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
[2012/05/22 09:27:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/22 09:27:19 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/22 09:27:17 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/05/22 09:20:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/22 09:20:36 | 3210,924,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 04:47:52 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\richard\Desktop\HiJackThis.lnk
[2012/05/21 22:28:19 | 000,002,078 | ---- | M] () -- C:\Documents and Settings\richard\Desktop\Sophos Virus Removal Tool.lnk
[2012/05/21 15:50:49 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/20 13:18:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/05/19 21:04:21 | 000,311,785 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\ryan quote page 1.JPG
[2012/05/17 16:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 13:49:40 | 000,001,338 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\sam spade sleuth favicon.png
[2012/05/17 01:43:42 | 000,146,228 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\17 may dpa news.JPG
[2012/05/15 22:41:33 | 000,323,679 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\Louis J Updated Report.pdf
[2012/05/15 12:31:05 | 000,141,571 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\dpa 15 may.JPG
[2012/05/15 09:31:15 | 000,008,604 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\image protectacoat.JPG
[2012/05/15 09:10:03 | 000,138,007 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\yahoo account.JPG
[2012/05/15 08:57:21 | 000,164,678 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\CIOB protectacoat.JPG
[2012/05/12 23:09:38 | 000,169,054 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\wykamol gpi help.JPG
[2012/05/11 16:51:35 | 000,163,378 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\new bogart.JPG
[2012/05/11 07:39:31 | 000,439,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 23:41:08 | 000,752,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 23:41:08 | 000,201,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/10 00:02:42 | 000,219,997 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\tradesmen4u.JPG
[2012/05/06 18:04:49 | 000,121,397 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\c_buying_at_auction.pdf
[2012/05/03 01:23:00 | 000,167,949 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\lifecote prop ladder.JPG
[2012/04/30 17:08:17 | 000,165,340 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\blog defamation 4.JPG
[2012/04/30 17:07:36 | 000,181,894 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\blog defamation3.JPG
[2012/04/30 17:06:25 | 000,159,819 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\blog defamation 2.JPG
[2012/04/30 17:05:50 | 000,181,893 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\blog defamation 1.JPG
[2012/04/30 17:03:29 | 000,178,662 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\blog defamation rgj.JPG
[2012/04/29 14:36:12 | 001,525,812 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\Cafcass Younger MFC low res.pdf
[2012/04/29 13:48:38 | 000,237,653 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\d008-notes-eng.pdf
[2012/04/29 13:40:24 | 002,223,510 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\children seperation.pdf
[2012/04/26 12:19:30 | 000,201,395 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\ciob steele blog.JPG
[2012/04/23 06:48:59 | 000,013,215 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\ultimateplugins.com-smart-update-pinger.zip
[2012/04/23 03:26:00 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\DPC IMAGE.JPG
[2012/04/23 03:15:52 | 000,031,220 | ---- | M] () -- C:\Documents and Settings\richard\My Documents\news_dpc_too_2.jpg
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\richard\My Documents\*.tmp files -> C:\Documents and Settings\richard\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/22 04:47:07 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\richard\Desktop\HiJackThis.lnk
[2012/05/21 22:28:19 | 000,002,078 | ---- | C] () -- C:\Documents and Settings\richard\Desktop\Sophos Virus Removal Tool.lnk
[2012/05/21 15:50:49 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 21:04:21 | 000,311,785 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\ryan quote page 1.JPG
[2012/05/17 13:49:40 | 000,001,338 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\sam spade sleuth favicon.png
[2012/05/17 01:43:42 | 000,146,228 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\17 may dpa news.JPG
[2012/05/15 22:41:33 | 000,323,679 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\Louis J Updated Report.pdf
[2012/05/15 12:31:05 | 000,141,571 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\dpa 15 may.JPG
[2012/05/15 09:31:15 | 000,008,604 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\image protectacoat.JPG
[2012/05/15 09:10:03 | 000,138,007 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\yahoo account.JPG
[2012/05/15 08:57:20 | 000,164,678 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\CIOB protectacoat.JPG
[2012/05/12 23:09:37 | 000,169,054 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\wykamol gpi help.JPG
[2012/05/11 16:51:35 | 000,163,378 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\new bogart.JPG
[2012/05/10 00:02:41 | 000,219,997 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\tradesmen4u.JPG
[2012/05/06 18:04:43 | 000,121,397 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\c_buying_at_auction.pdf
[2012/05/03 01:23:00 | 000,167,949 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\lifecote prop ladder.JPG
[2012/04/30 17:08:16 | 000,165,340 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\blog defamation 4.JPG
[2012/04/30 17:07:36 | 000,181,894 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\blog defamation3.JPG
[2012/04/30 17:06:25 | 000,159,819 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\blog defamation 2.JPG
[2012/04/30 17:05:50 | 000,181,893 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\blog defamation 1.JPG
[2012/04/30 17:03:28 | 000,178,662 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\blog defamation rgj.JPG
[2012/04/29 14:36:12 | 001,525,812 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\Cafcass Younger MFC low res.pdf
[2012/04/29 13:48:38 | 000,237,653 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\d008-notes-eng.pdf
[2012/04/29 13:40:24 | 002,223,510 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\children seperation.pdf
[2012/04/26 12:19:30 | 000,201,395 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\ciob steele blog.JPG
[2012/04/23 06:48:58 | 000,013,215 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\ultimateplugins.com-smart-update-pinger.zip
[2012/04/23 03:26:00 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\DPC IMAGE.JPG
[2012/04/23 03:15:51 | 000,031,220 | ---- | C] () -- C:\Documents and Settings\richard\My Documents\news_dpc_too_2.jpg
[2012/02/15 14:51:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/17 08:43:11 | 000,172,843 | ---- | C] () -- C:\WINDOWS\hppins13.dat.temp
[2011/11/16 21:56:04 | 000,000,619 | ---- | C] () -- C:\WINDOWS\System32\hppapr13.dat
[2011/09/17 21:08:52 | 000,081,106 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2011/09/17 21:08:52 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2011/09/17 21:08:42 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/08/05 15:35:30 | 000,001,056 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini
[2011/03/05 10:11:52 | 000,108,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/07 01:54:29 | 000,015,725 | ---- | C] () -- C:\WINDOWS\UN091222.INI

========== LOP Check ==========

[2008/10/10 18:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2009/03/12 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/02/12 20:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/08/01 10:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/09/15 20:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/03/21 23:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2009/02/10 18:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/12/27 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/05/21 22:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/06/04 09:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/01/04 01:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/21 21:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2011/03/03 12:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/14 09:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/10 18:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Birdstep Technology
[2008/10/10 18:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Birdstep Technology(2)
[2008/10/10 18:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Birdstep Technology(3)
[2008/10/10 18:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Birdstep Technology(4)
[2009/03/12 22:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\ESET
[2010/05/23 13:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\FUJIFILM
[2012/03/27 08:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\HTC
[2012/03/27 08:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009/02/12 21:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Nokia
[2011/06/22 22:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Nokia Multimedia Player
[2012/03/27 09:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Outlook
[2009/06/10 22:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\PC Suite
[2008/09/26 16:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Rokario
[2007/12/22 22:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\ScanSoft
[2011/04/11 22:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Serif
[2010/09/28 15:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\SmartDraw
[2011/03/21 23:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Tatara Systems
[2011/12/03 10:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Temp
[2011/07/18 08:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\TomTom
[2009/03/01 23:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Trusteer
[2012/05/22 09:27:17 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2012/03/22 04:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/05 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/05 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/05 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 07:17:09 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 07:17:09 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 07:17:09 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 07:17:09 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 07:17:09 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 07:17:09 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 07:17:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation)

< >

< >

< >

< End of report >
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SamSpadeSleuth,

Let's continue...

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    O33 - MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\Shell - "" = AutoRun
    O33 - MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\Shell\AutoRun\command - "" = F:\AutoRun.exe


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Please update your Malwarebytes and do Quick Scan. Post log after the scan.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • TDSSKiller log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#7
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi

I have got as far as scanning with malwarebytes and it founf a file PUP.Bundle.. I clicked 'save log' and I cant find it to send to you.

Edited by SamSpadeSleuth, 23 May 2012 - 03:26 AM.

  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can do this:

  • Start Malwarebytes
  • Click on Logs tab
  • Double click on first scan log in the list (that should be log from last scan)
  • Copy and past that log here for me.

  • 0

#9
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Ok, done that thanks.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
richard :: PROMAN [administrator]

23/05/2012 09:42:58
mbam-log-2012-05-23 (09-42-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221645
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\richard\My Documents\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.

(end)
  • 0

#10
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I think this is the OTL fix?

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1caa-96f0-11dd-9aaa-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1cac-96f0-11dd-9aaa-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1cae-96f0-11dd-9aaa-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ef1caf-96f0-11dd-9aaa-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45b09a6a-94f8-11df-9ed6-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f696a9e-096c-11e0-9fa4-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0ecc462-4f58-11de-9c56-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0ecc462-4f58-11de-9c56-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0ecc462-4f58-11de-9c56-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0ecc462-4f58-11de-9c56-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b156cea6-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b156cea6-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b156cea6-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b156cea6-0924-11e0-9f9f-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b156cea9-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b156cea9-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b156cea9-0924-11e0-9f9f-0019d2c63553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b156cea9-0924-11e0-9f9f-0019d2c63553}\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\richard\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\richard\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 208896 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56516 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1358203 bytes

User: richard
->Temp folder emptied: 1990541 bytes
->Temporary Internet Files folder emptied: 936190 bytes
->Java cache emptied: 1707150 bytes
->FireFox cache emptied: 142848470 bytes
->Apple Safari cache emptied: 1498112 bytes
->Flash cache emptied: 57833 bytes

%systemdrive% .tmp files removed: 1926592 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 6601233 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246243 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 293993051 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 433.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05232012_092527

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_108.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_9ac.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

Advertisements


#11
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
and I think this is the TDSSKiller log

11:01:56.0890 4316 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
11:01:57.0437 4316 ============================================================
11:01:57.0437 4316 Current date / time: 2012/05/23 11:01:57.0437
11:01:57.0437 4316 SystemInfo:
11:01:57.0437 4316
11:01:57.0437 4316 OS Version: 5.1.2600 ServicePack: 3.0
11:01:57.0437 4316 Product type: Workstation
11:01:57.0437 4316 ComputerName: PROMAN
11:01:57.0437 4316 UserName: richard
11:01:57.0437 4316 Windows directory: C:\WINDOWS
11:01:57.0437 4316 System windows directory: C:\WINDOWS
11:01:57.0437 4316 Processor architecture: Intel x86
11:01:57.0437 4316 Number of processors: 2
11:01:57.0437 4316 Page size: 0x1000
11:01:57.0437 4316 Boot type: Normal boot
11:01:57.0437 4316 ============================================================
11:01:57.0984 4316 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:01:57.0984 4316 ============================================================
11:01:57.0984 4316 \Device\Harddisk0\DR0:
11:01:57.0984 4316 MBR partitions:
11:01:57.0984 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x6A5F45F
11:01:57.0984 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x742595D, BlocksNum 0x6B6DE64
11:01:57.0984 4316 ============================================================
11:01:58.0031 4316 C: <-> \Device\Harddisk0\DR0\Partition0
11:01:58.0031 4316 D: <-> \Device\Harddisk0\DR0\Partition1
11:01:58.0031 4316 ============================================================
11:01:58.0031 4316 Initialize success
11:01:58.0031 4316 ============================================================
11:02:04.0843 4180 Deinitialize success
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Any problems?
  • 0

#13
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi maliprog

Still getting the BSoD. Cant use microsoft outlook. I can open it but if i try and send email it freezes and then crashes. Laptop still running slow but firefox is a bit better. My email files concern me because I cannot afford to lose them. Any more suggestions?

regards
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We will continue and try to find what is causing this. Let me know how is your system after this two steps.

Step 1

  • Go to Start -> My Computer
  • Right click on C: disk and clik on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors

This step usually fix some errors related to BSOD.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#15
SamSpadeSleuth

SamSpadeSleuth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
maliprog

The first part took a considerable time but completed.

Here is the aswMBR file and attached ZIP

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 22:24:44
-----------------------------
22:24:44.765 OS Version: Windows 5.1.2600 Service Pack 3
22:24:44.765 Number of processors: 2 586 0xF02
22:24:44.765 ComputerName: PROMAN UserName:
22:24:45.218 Initialize success
22:25:24.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:25:24.937 Disk 0 Vendor: Hitachi_ SBDO Size: 114473MB BusType: 3
22:25:24.953 Disk 0 MBR read successfully
22:25:24.968 Disk 0 MBR scan
22:25:24.968 Disk 0 unknown MBR code
22:25:24.984 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 5004 MB offset 63
22:25:25.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54462 MB offset 10249470
22:25:25.031 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 55003 MB offset 121788765
22:25:25.046 Disk 0 scanning sectors +234436545
22:25:25.140 Disk 0 scanning C:\WINDOWS\system32\drivers
22:25:43.890 Service scanning
22:26:04.625 Modules scanning
22:26:15.390 Disk 0 trace - called modules:
22:26:15.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
22:26:15.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae74ab8]
22:26:15.468 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000c0[0x8ae04f18]
22:26:15.500 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ae78030]
22:26:15.515 Scan finished successfully
22:26:43.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\richard\Desktop\MBR.dat"
22:26:43.296 The log file has been saved successfully to "C:\Documents and Settings\richard\Desktop\aswMBR.txt"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP