Firefox and IE problems
Hello, I have problems with Firefox mainly but also slight problems with IE. When loading Firefox I have Google as home page but it just keeps redirecting. Seems to be Google Analytics coming up a lot. Also other new windows keep opening in Firefox. Could not even get on D-A-L on Firefox without it redirecting; one site it keeps going to seems to be epoclick. Ran Spybot and Comodo but nothing comes up apart from what seems to be general stuff on Spybot. Also noticed when I run Malwarebytes it does not want to update (error message) even after uninstalling and reinstalling. Will have to put logs up over a few posts as it keeps timing out on IE and I cannot log on on Firefox.
Here are all the logs after following the instructions:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
17/10/2010 07:28:14
mbam-log-2010-10-17 (07-28-14).txt
Scan type: Quick scan
Objects scanned: 124385
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER:
GMER 1.0.15.15319 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2010-10-17 07:33:18
Windows 6.0.6002 Service Pack 2
Running: download[1].exe; Driver: C:\Users\Neil\AppData\Local\Temp\kwldqpod.sys
---- System - GMER 1.0.15 ----
Code 9018FCC8 ZwCreateSection
Code 87B533F0 ZwDuplicateObject
Code 9018FB98 ZwSetInformationFile
Code 9018FE80 ZwWriteFile
Code 9018FCC7 NtCreateSection
Code 87B533EF NtDuplicateObject
Code 9018FB97 NtSetInformationFile
Code 9018FE7F NtWriteFile
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device 87B53018
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
MBR:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L350
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 158):
0x82E06000 \SystemRoot\system32\ntkrnlpa.exe
0x831BF000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\system32\drivers\acpi.sys
0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E5000 \SystemRoot\system32\drivers\pci.sys
0x8070C000 \SystemRoot\System32\drivers\partmgr.sys
0x8071B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80728000 \SystemRoot\system32\drivers\volmgr.sys
0x80737000 \SystemRoot\System32\drivers\volmgrx.sys
0x80781000 \SystemRoot\System32\drivers\mountmgr.sys
0x80791000 \SystemRoot\system32\DRIVERS\pciide.sys
0x80798000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88602000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x886D0000 \SystemRoot\system32\drivers\atapi.sys
0x886D8000 \SystemRoot\system32\drivers\ataport.SYS
0x886F6000 \SystemRoot\system32\drivers\msahci.sys
0x88700000 \SystemRoot\system32\drivers\fltmgr.sys
0x88732000 \SystemRoot\system32\drivers\fileinfo.sys
0x88742000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8874B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x887BC000 \SystemRoot\System32\Drivers\DefragFS.sys
0x8880C000 \SystemRoot\system32\drivers\ndis.sys
0x88917000 \SystemRoot\system32\drivers\msrpc.sys
0x88942000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A03000 \SystemRoot\System32\drivers\tcpip.sys
0x88AED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D10000 \SystemRoot\system32\drivers\volsnap.sys
0x88D49000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88D4E000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x88D91000 \SystemRoot\System32\Drivers\spldr.sys
0x88D99000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x88DA7000 \SystemRoot\System32\Drivers\USBD.SYS
0x88DA9000 \SystemRoot\System32\Drivers\mup.sys
0x88DB8000 \SystemRoot\System32\drivers\ecache.sys
0x88DDF000 \SystemRoot\system32\drivers\disk.sys
0x88B08000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88DF0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8CAD0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8CADB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8CAE4000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8CAEC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CAFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CC0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D2EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D38F000 \SystemRoot\System32\drivers\watchdog.sys
0x8D39B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D3A6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D3E4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CAFF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CB8C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D607000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D6EB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D6FE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D709000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D738000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D743000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8D747000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D75F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8D765000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D794000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D7D5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D7E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D3F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CBAD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CBD0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CBDF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88B36000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CBF3000 \SystemRoot\system32\DRIVERS\rp_skt32.sys
0x88B4B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x88B5B000 \SystemRoot\system32\DRIVERS\rp_pkt32.sys
0x88B69000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x88B86000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8D7F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x88BAC000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88BD6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8897D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88BE3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DC00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x889B2000 \SystemRoot\system32\drivers\portcls.sys
0x887D0000 \SystemRoot\system32\drivers\drmk.sys
0x8DE0F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8DF2B000 \SystemRoot\system32\drivers\modem.sys
0x8DF38000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x8DF5B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DF64000 \SystemRoot\System32\Drivers\Null.SYS
0x8DF6B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DF72000 \SystemRoot\System32\drivers\vga.sys
0x8DF7E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8DF9F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DFA7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DFAF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DFBA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DFC8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DFD1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DFE7000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x889DF000 \SystemRoot\system32\DRIVERS\smb.sys
0x807A6000 \SystemRoot\system32\drivers\afd.sys
0x805BE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E802000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E818000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
0x8E81D000 \SystemRoot\system32\DRIVERS\inspect.sys
0x8E832000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E840000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8E846000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E859000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8E867000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E87E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E8BA000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x8E8E3000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x8E8EB000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0x8E8F3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8E914000 \??\C:\Windows\system32\drivers\RapportBuka.sys
0x8E974000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E97E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E995000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CA00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x994D0000 \SystemRoot\System32\win32k.sys
0x8E9A2000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E9AC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x996F0000 \SystemRoot\System32\TSDDD.dll
0x99710000 \SystemRoot\System32\cdd.dll
0x8E9BB000 \SystemRoot\system32\drivers\luafv.sys
0xACC0B000 \SystemRoot\system32\drivers\spsys.sys
0xACCBB000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0xACCEB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xACCFB000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xACD25000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xACD2F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xACD42000 \SystemRoot\system32\drivers\HTTP.sys
0xACDAF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xACDCC000 \SystemRoot\system32\DRIVERS\bowser.sys
0xACDE5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8E9D6000 \SystemRoot\system32\drivers\mrxdav.sys
0xAE20F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE22E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAE267000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAE27F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE2A7000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE2F5000 \SystemRoot\system32\DRIVERS\css-dvp.sys
0xAE3C0000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAEE0E000 \SystemRoot\system32\drivers\peauth.sys
0xAEEEC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAEEF6000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAEF02000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAEF20000 \??\C:\Users\Neil\AppData\Local\Temp\kwldqpod.sys
0x77C00000 \Windows\System32\ntdll.dll
Processes (total 87):
0 System Idle Process
4 System
612 C:\Windows\System32\smss.exe
752 csrss.exe
796 C:\Windows\System32\wininit.exe
808 csrss.exe
844 C:\Windows\System32\services.exe
864 C:\Windows\System32\lsass.exe
872 C:\Windows\System32\lsm.exe
924 C:\Windows\System32\winlogon.exe
1064 C:\Windows\System32\svchost.exe
1116 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1172 C:\Windows\System32\svchost.exe
1216 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1308 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1428 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1584 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\audiodg.exe
1756 C:\Windows\System32\svchost.exe
1800 C:\Windows\System32\SLsvc.exe
1840 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\wlanext.exe
1288 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\agrsmsvc.exe
840 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2064 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2080 C:\Program Files\Bonjour\mDNSResponder.exe
2100 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2132 C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
2288 C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
2308 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2428 C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
2520 C:\Windows\System32\IoctlSvc.exe
2540 C:\Windows\System32\svchost.exe
2556 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2584 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2652 C:\Windows\System32\svchost.exe
2708 C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
2872 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
2912 C:\Windows\System32\TODDSrv.exe
2940 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3016 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
3040 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3072 C:\Windows\System32\svchost.exe
3092 C:\Windows\System32\SearchIndexer.exe
3188 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2072 C:\Windows\System32\taskeng.exe
3088 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
3520 C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
4020 C:\Windows\System32\dwm.exe
3792 C:\Windows\System32\taskeng.exe
2484 C:\Windows\explorer.exe
2256 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3808 C:\Program Files\Windows Defender\MSASCui.exe
4092 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3632 C:\Windows\System32\hkcmd.exe
1096 C:\Windows\RtHDVCpl.exe
3512 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
3216 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2888 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3536 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3508 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1276 C:\Program Files\iTunes\iTunesHelper.exe
4252 C:\Program Files\Windows Sidebar\sidebar.exe
4260 C:\Windows\System32\igfxsrvc.exe
4300 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
4352 C:\Windows\ehome\ehtray.exe
4384 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4492 C:\Windows\System32\igfxext.exe
4836 C:\Windows\ehome\ehmsas.exe
5056 C:\Program Files\iPod\bin\iPodService.exe
5900 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5968 C:\Windows\System32\wuauclt.exe
6088 C:\Program Files\Windows Media Player\wmpnetwk.exe
5000 C:\Program Files\Internet Explorer\iexplore.exe
6032 C:\Program Files\Internet Explorer\iexplore.exe
4048 C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
4944 C:\Program Files\Internet Explorer\iexplore.exe
5592 C:\Windows\System32\SearchProtocolHost.exe
5160 C:\Windows\System32\SearchFilterHost.exe
4068 dllhost.exe
3476 dllhost.exe
4636 C:\Users\Neil\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`f5700000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC43C
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
OTL:
OTL logfile created on: 17/10/2010 07:38:13 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Neil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 20.50 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 67.68 Gb Free Space | 92.44% Space Free | Partition Type: NTFS
Computer Name: NEIL-PC | User Name: Neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/10/17 07:37:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/28 17:09:57 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/28 17:09:55 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/08/07 17:54:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/25 14:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/24 10:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 11:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/28 07:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2008/04/28 07:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 10 56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/27 14:02:48 | 000,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/12/19 13:45:16 | 000,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
========== Modules (SafeList) ==========
MOD - [2010/10/17 07:37:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/02/04 18:47:35 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/11/14 11:10:26 | 000,123,392 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/28 17:09:55 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/11/14 11:10:26 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/28 07:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2008/04/28 07:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2008/04/24 10 56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/27 14:02:48 | 000,177,448 | R--- | M] (Authentium, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe -- (dvpapi)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/05 14:09:38 | 000,293,104 | ---- | M] (Virgin Media) [Auto | Stopped] -- C:\Program Files\Virgin Broadband\PCguard\Fws.exe -- (RP_FWS)
SRV - [2006/12/19 13:45:16 | 000,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - [2010/10/03 23:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/02/24 15:16:30 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2010/02/04 18:47:34 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/28 17:10:21 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/01/28 17:10:08 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/11/09 04 18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/05/13 15:32:19 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2009/04/10 21:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/06/12 17:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/25 06:38:22 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/09 17:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 17:26:08 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 17:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/26 16:33:52 | 000,835,792 | ---- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\css-dvp.sys -- (CSS DVP)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/02/20 14:07:56 | 000,005,632 | R--- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={E55D7A73-C893-598F-5AC7-E0C14C8468CD}&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/12 19:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/12 19:16:29 | 000,000,000 | ---D | M]
[2009/05/13 14:09:37 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Extensions
[2010/10/16 21:30:10 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\extensions
[2010/04/28 17:01:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/07 14:06:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/16 11:32:42 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\extensions\firefox@ghostery.com
[2009/06/25 09:??:29 | 000,005,407 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\searchplugins\fast-browser-search.xml
[2010/10/16 21:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 16:51:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 15:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 11:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/30 14:03:49 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/10/16 18:28:06 | 000,421,702 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14566 more lines...
O2 - BHO: (no name) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Value error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/10/17 07:37:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
[2010/10/17 07:06:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Neil\Desktop\TFC.exe
[2010/10/16 15:10:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/16 15:10:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/16 15:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/16 11:25:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/16 11:25:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/16 11:25:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/15 16:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lecsoft
[2010/10/14 17:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\E.ON Energy
[2010/10/14 14:37:44 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 14:35:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 14:33:45 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 14:33:35 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 14:33:32 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 14:32:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 14:32:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 14:32:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 14:32:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 14:32:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 14:32:16 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 14:32:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 14:32:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 14:32:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 14:32:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 14:32:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 14:32:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 14:32:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 14:32:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 14:32:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 14:32:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 14:32:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 14:31:49 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 14:31:37 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 14:31:26 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/09 10:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/05 08:23:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/03 23:43:44 | 000,059,240 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
========== Files - Modified Within 30 Days ==========
[2010/10/17 07:40:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C101944-2F0E-44AE-9523-315724FE4094}.job
[2010/10/17 07:37:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
[2010/10/17 07:34:40 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010/10/17 07:34:29 | 000,080,384 | ---- | M] () -- C:\Users\Neil\Desktop\MBRCheck.exe
[2010/10/17 07:16:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 07:15:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 07:15:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 07:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 07:06:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\TFC.exe
[2010/10/17 06:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/16 21:20:03 | 000,001,356 | ---- | M] () -- C:\Users\Neil\AppData\Local\d3d9caps.dat
[2010/10/16 18:28:06 | 000,421,702 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/16 15:10:32 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 10:16:39 | 000,421,702 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101016-182806.backup
[2010/10/15 16:45:23 | 000,001,004 | ---- | M] () -- C:\Users\Neil\Desktop\2382 Exam Simulator Demo.lnk
[2010/10/15 16:15:32 | 000,001,933 | ---- | M] () -- C:\Users\Neil\Desktop\17th Edition Wiring Regulations Practice Series - Trial.lnk
[2010/10/15 13:40:54 | 000,487,481 | ---- | M] () -- C:\Users\Neil\Documents\elec pic.exp
[2010/10/15 13:25:50 | 000,655,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/15 13:25:50 | 000,127,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/14 18:??:01 | 000,421,702 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101016-101638.backup
[2010/10/14 17:25:12 | 000,002,000 | ---- | M] () -- C:\Users\Neil\Desktop\E.ON Energy Fit Software.lnk
[2010/10/14 17:09:02 | 000,431,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 19:16:32 | 000,001,713 | ---- | M] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/12 19:16:32 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/12 19:03:05 | 000,420,902 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101014-185601.backup
[2010/10/10 10:51:48 | 000,088,576 | ---- | M] () -- C:\Users\Neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/09 10:38:59 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
========== Files Created - No Company Name ==========
[2010/10/17 07:33:56 | 000,080,384 | ---- | C] () -- C:\Users\Neil\Desktop\MBRCheck.exe
[2010/10/16 15:10:32 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 16:45:23 | 000,001,004 | ---- | C] () -- C:\Users\Neil\Desktop\2382 Exam Simulator Demo.lnk
[2010/10/15 16:15:33 | 000,019,338 | ---- | C] () -- C:\Users\Neil\athena.log
[2010/10/15 16:15:32 | 000,001,933 | ---- | C] () -- C:\Users\Neil\Desktop\17th Edition Wiring Regulations Practice Series - Trial.lnk
[2010/10/15 13:38:54 | 000,487,481 | ---- | C] () -- C:\Users\Neil\Documents\elec pic.exp
[2010/10/14 17:25:12 | 000,002,000 | ---- | C] () -- C:\Users\Neil\Desktop\E.ON Energy Fit Software.lnk
[2010/10/09 10:38:59 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/04 17:03:52 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/06 14:55:12 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/11/04 17:28:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/01 16:00:44 | 000,000,252 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/09 11:??:06 | 000,000,008 | ---- | C] () -- C:\Windows\System32\WBHelps212.dll
[2009/10/08 12:45:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/21 11:02:52 | 000,000,008 | ---- | C] () -- C:\Windows\System32\WBHelps21.dll
[2009/08/14 02:06:03 | 000,001,356 | ---- | C] () -- C:\Users\Neil\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/28 17:37:54 | 000,001,024 | ---- | C] () -- C:\ProgramData\x8sjw.sen
[2009/07/28 17:00:44 | 000,000,386 | ---- | C] () -- C:\Windows\pdf2word.INI
[2009/05/16 11:17:46 | 000,088,576 | ---- | C] () -- C:\Users\Neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/13 13:42:54 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/05/13 13:42:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/05/13 13:42:54 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/05/13 13:42:54 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/07 17:37:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/07 17:37:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/07 17:37:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/07 17:37:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/07 17:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 16:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/20 14:07:56 | 000,005,632 | R--- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\Windows\System32\MSO97V.DLL
[2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MSORFS.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/07 15:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/07/10 12:01:34 | 000,776,160 | ---- | M] () -- C:\CDST.TRK
[2009/08/04 00:01:22 | 000,111,278 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/14 15:33:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/14 15:33:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/10 12:19:28 | 000,000,005 | ---- | M] () -- C:\msie.inf
[2010/10/17 07:14:41 | 2322,862,080 | -HS- | M] () -- C:\pagefile.sys
[2009/05/13 13:38:47 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2009/02/05 10:46:27 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT
< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/08 12:51:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/15 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8Z.DLL
[2007/04/15 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8Z.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:??:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/12 12:45:00 | 000,000,350 | -HS- | M] () -- C:\Users\Neil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/10/17 07:34:29 | 000,080,384 | ---- | M] () -- C:\Users\Neil\Desktop\MBRCheck.exe
[2010/10/17 07:37:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
[2010/10/17 07:06:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\TFC.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/10/08 13:08:48 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/05/13 13:37:29 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/05/13 13:37:29 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/10/08 13:08:18 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/07/13 07:44:11 | 000,000,402 | -HS- | M] () -- C:\Users\Neil\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2009/07/28 17:39:11 | 000,001,024 | ---- | M] () -- C:\ProgramData\x8sjw.sen
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:AF4CCAAD
< End of report >
OTL EXTRAS:
OTL Extras logfile created on: 17/10/2010 07:38:13 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Neil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 20.50 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 67.68 Gb Free Space | 92.44% Space Free | Partition Type: NTFS
Computer Name: NEIL-PC | User Name: Neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [compress] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09329ACC-288A-472E-86F2-C71D2E3BC9D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{134CB402-9A34-4095-9A46-C4B385AF810A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E3B52A1-5A54-4CEA-8B33-A92EF21A78A8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3093DB14-7CF7-413F-80A5-79705AFAA98D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{32E57411-F381-41F7-9A2A-A1FF7BFB2A4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{367B8741-255A-4D6D-A8D0-B1E4D0AB8DBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4932665F-F325-4A1A-B2D8-7A4F01DC27D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{55D0AC97-AD7B-4A23-BF03-97C0E8354481}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5A4A8A20-B5A1-4373-AED0-993D754C282F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FC09A59-CE5C-4F38-B853-ED4566A1D9A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DDE99B3-A199-4164-8942-63F1963860D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6F8F4BD9-CC5F-42BE-AC22-95CFAC734588}" = lport=2869 | protocol=6 | dir=in | app=system |
"{721050DC-C808-430D-A047-8EA5BEFBE3B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{73F6FB7B-4C68-4F65-A448-67EA2E481130}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7DB825A1-6910-4EF6-AB8A-98C2A983A106}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{807EE2EC-6C70-4C5F-8D08-E6A9754BFAFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82D0F0B0-1910-4E45-9684-57BB8140C4EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{940D7BAF-DEFB-4595-B4E6-3681052202C9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A1FA7F0B-7ADC-45F6-AE64-EB960EFAEB43}" = lport=138 | protocol=17 | dir=in | app=system |
"{A28EC720-F79B-4D9B-8C4D-AC8451338342}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4B9B120-62B4-43CE-AC89-0D7EC71E004F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1799673-ED70-4E56-A576-6B88A175D9BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{D997BD6F-3A45-4976-A293-A91C81EF96DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2D54D6C-1FF0-49C0-979D-120866279AE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF035024-D963-43C5-B6AE-E668B830A247}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1350D7D-06DA-41E9-AE73-320151F08066}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2EB2F47-5D2D-4BE9-80EA-F8F0FBF6F324}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F35FEDA4-00DE-48AB-AFC5-24179F169EF1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02054790-ABDB-439E-8BE1-47D5F74E5AAF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0851479E-1D73-4252-84A0-AA7A768668F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{117F8F8D-D32F-4C3F-AF34-7EAAAB491595}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11EF0BD2-3045-40F5-9081-3D00A170ECE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1DE7E35F-F526-42AC-8DEF-FB71BC0C665A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2291A021-2382-4EF8-AD7B-0A2ED3312746}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{394CB8F3-D1F3-4B15-9D60-2FD10B12B13A}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{3B3BA2F2-F37D-4D2A-A6DD-398A65A421FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F407E4A-D499-4DD8-81AB-ABAB2C72F111}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72B6594B-69FF-4FA3-BA95-C8564B1EA7E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8342698D-DE85-49A0-9969-AA5B44B490FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8AB3D121-F950-4D3E-8CC4-26529B40C560}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B2857CE-E31B-4941-8916-348D3E8EA0B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B73ABC9-BFE8-41E6-9CAB-816E723182D7}" = protocol=6 | dir=in | app=c:\program files\niceic\gas certification\clupdate.exe |
"{943BEE7A-3C67-4A60-8346-EADFCB7C900E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{987BB3F7-E5B0-4F50-8C4B-03CCE2E944AE}" = protocol=17 | dir=in | app=c:\program files\niceic\gas certification\clupdate.exe |
"{A17EDC79-BD13-4C4A-A3D9-22D85EE1EEA5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6EBB8D5-B3E7-45EA-8B0F-10F597BD16B0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AA42C62E-7E92-4E6C-9DB7-2D92E04A0770}" = protocol=6 | dir=out | app=system |
"{B10B4AD7-4116-4024-82AD-0A8DA4FF0ECC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C091BBDA-3E3C-4BCD-A8C9-68241F38841C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4AC90BB-7964-44FF-9F41-754B3B70FDF7}" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{C62B787C-8182-4667-AF9B-4EC3E75549E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C83F90B7-33F0-43BF-9E7A-0BEEF5FA7EE3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CBA870D2-A54D-4C8D-98F7-C444E333C32E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CBE1A082-D610-4818-ABCB-6BA03721BAE1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CEFAAA43-7292-4D5F-A5B9-23D2A20D78F9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFB8F5AF-480E-4156-8107-5B70795842CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F132939C-A0E6-4059-959E-73CFE4EBAA6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9154DA6-F58F-4E10-BA19-617D9F665AD2}" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{68F4D562-3C65-4A09-A84E-5F3E79138196}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{826EC37F-0E3F-4C8C-9863-2D085EA48329}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9D82A143-B4C3-482D-8ABC-B3E15ED19EB9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FC67EE35-E387-41AF-AD78-B5BF228292F9}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{07DA3095-D3B7-41CD-A183-31BB4E06DAC8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{133815ED-2101-4602-B91D-965F1EFA0FFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4ECD070B-9DF1-4F24-9DA9-D7834B4BB798}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{BCB5C1DD-9A3B-42F6-8F33-160EBF98D4E7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CD96FEC-CE8D-4DF4-A6FD-C6D6F2D96C6C}" = E.ON Energy Fit Software
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806}_is1" = AnyBizSoft PDF Password Remover (Build 1.0.4)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5499A827-E4C8-49B8-8462-4C0E5CA976A5}" = ConstructionSkills
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FAB7996-AB27-475E-9DCE-6ED959FC2798}" = Clik NICEIC Font Installer
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C70EF769-8296-4ED0-966F-D624BC6D4927}" = Authentium AntiVirus SDK - 2
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0A7B518-1D1F-4F72-B71A-7E61F1CCA496}" = NICEIC Certification Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC8695D3-2378-4A5D-B38B-89D53AA1FA38}" = CDMenuPro V6
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"2382 Exam Simulator Demo" = 2382 Exam Simulator Demo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"COMODO Internet Security" = COMODO Internet Security
"DVD Flick_is1" = DVD Flick 1.3.0.7
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Free MP3 to CD Converter & Burner (by minidvdsoft)_is1" = Free DVD ISO Burner version 2.5
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"PowerISO" = PowerISO
"PROR" = Microsoft Office Professional 2007 Trial
"Rapport_msi" = Rapport
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"17th Edition Wiring Regulations Practice Series - Trial" = 17th Edition Wiring Regulations Practice Series - Trial
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16/06/2010 10:28:05 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 16/06/2010 10:30:33 | Computer Name = Neil-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 16/06/2010 10:30:53 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 16/06/2010 10:30:53 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 16/06/2010 10:30:59 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 16/06/2010 10:31:00 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 16/06/2010 10:31:05 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 16/06/2010 10:31:05 | Computer Name = Neil-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 16/06/2010 10:31:45 | Computer Name = Neil-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 16/06/2010 11:14:44 | Computer Name = Neil-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
[ OSession Events ]
Error - 12/10/2009 15:58:07 | Computer Name = Neil-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 12/10/2009 16:26:47 | Computer Name = Neil-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
[ System Events ]
Error - 04/08/2009 08:30:21 | Computer Name = Neil-PC | Source = HTTP | ID = 15016
Description =
Error - 04/08/2009 10:26:12 | Computer Name = Neil-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:20:12 on 04/08/2009 was unexpected.
Error - 04/08/2009 10:26:14 | Computer Name = Neil-PC | Source = HTTP | ID = 15016
Description =
Error - 04/08/2009 12:04:38 | Computer Name = Neil-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 04/08/2009 13:36:04 | Computer Name = Neil-PC | Source = DCOM | ID = 10010
Description =
Error - 04/08/2009 13:37:29 | Computer Name = Neil-PC | Source = HTTP | ID = 15016
Description =
Error - 04/08/2009 15:10:10 | Computer Name = Neil-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 04/08/2009 15:10:31 | Computer Name = Neil-PC | Source = DCOM | ID = 10010
Description =
Error - 05/08/2009 02:50:14 | Computer Name = Neil-PC | Source = DCOM | ID = 10010
Description =
Error - 05/08/2009 12:29:38 | Computer Name = Neil-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:25:32 on 05/08/2009 was unexpected.
< End of report >
Any help appreciated
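An added example, not code from this thread or from OTL/ComboFix: a small Python triage script that pulls out the security-relevant settings a helper reads by eye from logs like the ones above (Security Center overrides, per-profile firewall state, alternate data streams, AppInit_DLLs) in both the OTL (`"Name" = 1`) and ComboFix (`"Name"=dword:00000001`) value formats. The sample text is constructed from lines excerpted from the logs above, with the forum's inserted line-break spaces removed; the function names and finding labels are the example's own.

```python
"""Triage helper for OTL / ComboFix log excerpts (added example, not OTL code)."""
import re

# Constructed sample: lines excerpted from the OTL and ComboFix logs in the
# thread, with the forum's inserted spaces in registry paths removed.
SAMPLE_LOG = r"""
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:AF4CCAAD
< End of report >
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?)\s*$")
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)$", re.IGNORECASE)


def as_int(value):
    """Accept both OTL ('1') and ComboFix ('dword:00000001') value formats."""
    v = value.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    try:
        return int(v)
    except ValueError:
        return None


def parse_values(text):
    """Yield (registry key, value name, value) for every "Name" = value line,
    attributing it to the most recent [key] header above it."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def triage(text):
    """Return a de-duplicated list of (kind, detail) findings from a log excerpt."""
    findings = []
    for raw in text.splitlines():
        m = ADS_RE.match(raw.strip())
        if m:
            # Any NTFS alternate data stream OTL lists deserves a look; whether
            # its content is benign is for the helper to decide.
            findings.append(("ads", f"{m.group(2)} ({m.group(1)} bytes)"))
    for key, name, value in parse_values(text):
        lkey = key.lower()
        n = as_int(value)
        if lkey.endswith("security center\\svc") and name.endswith("Override") and n == 1:
            # *Override = 1 stops Security Center warning that this category of
            # protection is missing or switched off.
            findings.append(("wsc_override", name))
        elif "security center\\monitoring\\" in lkey and name == "DisableMonitoring" and n == 1:
            findings.append(("wsc_monitoring_disabled", key.rsplit("\\", 1)[-1]))
        elif name == "EnableFirewall" and n == 0:
            m = PROFILE_RE.search(key)
            findings.append(("firewall_disabled", m.group(1) if m else key))
        elif name == "AppInit_DLLs" and value.strip():
            # Every DLL listed here is loaded into each process that loads
            # user32.dll, so each entry should be attributed to a known product.
            for dll in value.split():
                findings.append(("appinit_dll", dll))
    return list(dict.fromkeys(findings))


def summarize(findings):
    """Render findings one per line, e.g. for pasting into a reply."""
    return "\n".join(f"{kind}: {detail}" for kind, detail in findings)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```

The script only flags what the log states; it does not decide whether a finding is malicious. A disabled StandardProfile firewall or an AntiVirusOverride, for instance, can equally be the legitimate result of a third-party suite taking over those roles, so each finding still has to be matched against the installed products listed elsewhere in the same log.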
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Hello. Here are the ComboFix results, hope I got all things disabled:
ComboFix 10-10-16.04 - Neil 17/10/2010 19:09:47.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.901 [GMT 1:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ESQULzxspectrum
E:\install.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-17 18:42 . 2010-10-17 18:43 -------- d-----w- c:\users\Neil\AppData\Local\temp
2010-10-17 18:42 . 2010-10-17 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-16 14:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 14:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 14:10 . 2010-10-16 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 15:45 . 2010-10-15 15:45 -------- d-----w- c:\program files\Lecsoft
2010-10-15 11:26 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{576AAC78-61AE-4E0D-AF8F-609DAD955738}\mpengine.dll
2010-10-14 16:25 . 2010-10-14 16:25 -------- d-----w- c:\program files\E.ON Energy
2010-10-14 13:37 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 13:37 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 13:35 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 13:35 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 13:35 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 13:35 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 13:35 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 13:34 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 13:33 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 13:33 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 13:33 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 13:33 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 13:33 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 13:31 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 13:31 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 13:31 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 13:31 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-09 09:38 . 2010-10-09 09:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-05 07:23 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-05 07:18 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 10:10 . 2009-11-14 10:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-17 327472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 10:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 11:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-08-17 19:34 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-14 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-04 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-01-28 29520]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-24 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 11:49]
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 11:49]
2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{0C101944-2F0E-44AE-9523-315724FE4094}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - The UK's Online Marketplace
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.co.uk: Low Prices in Electronics, Books, Sports Equipment & more
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={E55D7A73-C893-598F-5AC7-E0C14C8468CD}&q=
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,fa,b5,07,0f,5b,76,4f,88,39,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,fa,b5,07,0f,5b,76,4f,88,39,30,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\guard32.dll
.
Completion time: 2010-10-17 19:49:08
ComboFix-quarantined-files.txt 2010-10-17 18:49
ComboFix2.txt 2009-08-03 23:01
ComboFix3.txt 2009-07-13 19:25
ComboFix4.txt 2009-07-13 19:06
ComboFix5.txt 2010-10-17 18:05
Pre-Run: 22,144,106,496 bytes free
Post-Run: 21,949,730,816 bytes free
- - End Of File - - C6CE11125849C7A5ECCABF44AFB03661
-
Looks clean.
Now, your security settings are unclear to me.
I can see:
- COMODO Internet Security
- Radialpoint Security Services Virgin Broadband PCguard
What are your current AV and firewall programs?
-
Using Comodo for both after the last problem with AV, on your recommendation. Tried to get rid of Radialpoint Virgin but can never seem to get to the bottom of it?
-
OK. We'll get rid of it manually.
Re-run OTL "Quick scan" and post fresh log.
-
Still does not seem to have solved the problems in Firefox. When I open Firefox it just shows: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete." Also, when I open Firefox and go to d-a-l and then click on Forums to sign in, the page comes up for a second and then I just get http://www.d-a-l.com/help/forum.php in the tab page and the timing circle, and in the bottom left: "waiting for Google Analytics | Official Website". Seems to be OK on other pages: when I do a search and then click on the searched items it seems to take me to the pages now, unlike before, and IE does not seem to open a second window like before.
-
No better still, can't get onto d-a-l on Firefox, and again when I open IE up and then d-a-l, then click on Forums, I get a new window opening in IE: http://www.epoclick.com/?ad=1287343833. Then when you click on that another window opens: http://informharry.com/default.php?s...er&subid=24598 and so on.