Stubborn infected file plus other random symptoms - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 43

Thread: Stubborn infected file plus other random symptoms

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    'Illegal operation attempted on a registry key that has been marked for deletion'
    Restart computer and it'll fix the issue.

    ===================================================================

    You're running two AV programs.
    One them has to go.
    If AVG, use AVG Remover: http://www.avg.com/us-en/download-tools
    If Norton, use Norton Removal Tool: http://us.norton.com/support/kb/web_...080710133834EN

    ================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    C:\Users\Michelle\Desktop\Alsmemorycard
    
    Driver::
    F-Secure Standalone Minifilter

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  2. #17
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    ComboFix.txt (Post 1 of 2)

    ComboFix 10-09-23.01 - Michelle 24/09/2010 8:59.5.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2133 [GMT 1:00]
    Running from: c:\users\Michelle\Desktop\ComboFix.exe
    Command switches used :: c:\users\Michelle\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Michelle\Desktop\Alsmemorycard
    c:\users\Michelle\Desktop\Alsmemorycard\29042006002.3gp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_F-SECURE_STANDALONE_MINIFILTER
    -------\Service_F-Secure Standalone Minifilter


    ((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
    .

    2010-09-24 08:07 . 2010-09-24 08:13 -------- d-----w- c:\users\Michelle\AppData\Local\temp
    2010-09-24 08:07 . 2010-09-24 08:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-09-24 08:07 . 2010-09-24 08:07 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-24 08:07 . 2010-09-24 08:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-20 19:57 . 2010-09-20 19:57 93056 ----a-w- C:\uwlcqkow.sys
    2010-09-17 18:33 . 2010-09-17 18:33 -------- d-----w- c:\program files\FileASSASSIN
    2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
    2010-09-17 18:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 18:23 . 2010-09-20 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-17 18:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 14:19 . 2010-09-17 14:19 -------- d-----w- c:\program files\AVG
    2010-09-17 14:18 . 2010-09-24 07:38 -------- d-----w- c:\programdata\avg9
    2010-09-15 19:03 . 2010-09-16 00:03 -------- d-----w- c:\windows\LMID291.tmp
    2010-09-15 16:00 . 2010-09-15 16:00 -------- d-----w- c:\windows\system32\N360_BACKUP
    2010-09-15 12:42 . 2010-09-15 12:42 -------- d-----w- c:\users\Michelle\AppData\Roaming\App Launcher Gadget
    2010-09-15 11:57 . 2010-09-18 16:08 -------- d-----w- c:\users\Michelle\desktop icons
    2010-09-15 11:46 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 11:46 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 11:46 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 11:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 20:26 . 2010-09-14 20:26 -------- d-----w- c:\programdata\PC Tools
    2010-09-14 18:29 . 2010-09-15 19:22 -------- d-----w- c:\users\Michelle\AppData\Local\NPE
    2010-09-14 18:27 . 2010-09-15 11:40 -------- d-----w- c:\windows\LMI57EF.tmp
    2010-09-09 17:53 . 2010-09-09 17:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-09-02 14:53 . 2010-09-02 14:53 -------- d-----w- c:\program files\iPod
    2010-09-02 14:53 . 2010-09-02 14:54 -------- d-----w- c:\program files\iTunes
    2010-08-30 19:43 . 2010-08-30 19:43 -------- d-----w- c:\program files\Common Files\Skype
    2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\Adobe Mini Bridge CS5
    2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-08-29 12:00 . 2010-08-29 12:19 1228400 ----a-w- c:\users\Michelle\Photoshop_12_LS1.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-24 08:11 . 2009-11-17 14:15 35189 ----a-w- c:\programdata\nvModes.dat
    2010-09-24 08:11 . 2010-06-29 10:14 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-18 21:25 . 2009-07-08 11:06 -------- d-----w- c:\users\Michelle\AppData\Roaming\uTorrent
    2010-09-16 20:01 . 2009-12-29 14:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\Media Player Classic
    2010-09-15 21:24 . 2009-08-05 12:25 -------- d-----w- c:\users\Michelle\AppData\Roaming\Winamp
    2010-09-15 21:24 . 2009-03-21 07:23 -------- d-----w- c:\program files\Microsoft Works
    2010-09-15 21:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 20:27 . 2010-09-14 20:26 76704968 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe
    2010-09-14 18:29 . 2009-03-21 07:45 -------- d-----w- c:\programdata\Norton
    2010-09-11 18:54 . 2009-07-08 10:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\Vso
    2010-09-10 11:28 . 2010-06-29 10:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-09-10 11:28 . 2010-09-10 11:28 53632 ----a-w- c:\users\Michelle\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-09-09 13:13 . 2010-06-29 10:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-09-06 11:16 . 2009-03-21 07:31 -------- d-----w- c:\program files\Google
    2010-09-06 11:13 . 2009-07-08 08:54 -------- d-----w- c:\program files\CCleaner
    2010-09-02 14:53 . 2009-08-11 20:35 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-02 14:48 . 2010-09-02 14:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-08-30 22:28 . 2009-08-23 20:51 -------- d-----w- c:\users\Michelle\AppData\Roaming\Skype
    2010-08-30 19:40 . 2009-08-12 23:00 -------- d-----w- c:\users\Michelle\AppData\Roaming\skypePM
    2010-08-29 12:38 . 2009-03-21 07:42 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-29 11:47 . 2010-08-29 13:28 167 ----a-w- c:\programdata\Adobe\CS5\jre\Disable Activation.cmd
    2010-08-20 12:19 . 2009-07-20 11:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\vlc
    2010-08-20 08:53 . 2009-07-08 11:07 -------- d-----w- c:\program files\uTorrent
    2010-08-19 15:15 . 2010-08-19 15:14 -------- d-----w- c:\program files\QuickTime
    2010-08-13 10:15 . 2010-08-13 10:06 680 ----a-w- c:\users\Michelle\AppData\Local\d3d9caps.dat
    2010-08-12 08:58 . 2010-08-12 08:58 -------- d-----w- c:\programdata\F-Secure
    2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\FileOpen
    2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\programdata\FileOpen
    2010-08-08 19:58 . 2010-08-08 19:58 14846 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
    2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\program files\FileOpen
    2010-08-05 21:01 . 2010-08-05 21:01 -------- d-----w- c:\program files\7-Zip
    2010-07-28 20:14 . 2009-07-07 19:49 -------- d-----w- c:\programdata\FLEXnet
    2010-07-18 21:00 . 2010-02-19 20:26 294060 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-07 13:26 . 2009-07-07 18:05 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-06-29 10:25 . 2010-06-29 10:15 1228360 ----a-w- c:\users\Michelle\InDesign_7_LS1.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files\AddThis Toolbar\Helper.dll" [2009-10-08 242688]

    [HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
    2009-10-08 16:20 1437184 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]

    [HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]

    [HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StupAssist.lnk
    backup=c:\windows\pss\StupAssist.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
    backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FujiKeyboard]
    2008-09-18 09:13 79416 ----a-w- c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-03-26 05:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-11-02 10:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 135664]
    R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
    R4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
    S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-06-27 96512]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [2010-08-31 692272]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100923.001\IDSvix86.sys [2010-05-28 344112]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
    S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]

    2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{DD27CBEB-6AA0-426C-BA3D-652FFABF076C}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .

  3. #18
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    ComboFix.txt (Post 2 of 2)

    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
    FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-24 09:13
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(356)
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\HidService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-24 09:20:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-24 08:20
    ComboFix2.txt 2010-09-22 22:55
    ComboFix3.txt 2010-09-22 22:29
    ComboFix4.txt 2010-09-22 17:25
    ComboFix5.txt 2010-09-24 07:56

    Pre-Run: 359,169,298,432 bytes free
    Post-Run: 358,641,176,576 bytes free

    - - End Of File - - 038858F6A3E5B602A2A54CF218493BCE

  4. #19
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    And YES the folder has been deleted!

    Hurrah!

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I can see, the stubborn folder is gone

    Let's check for other garbage.....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  6. #21
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    OTL.txt - Post 1 (this is gonna take a few posts!)

    OTL logfile created on: 25/09/2010 09:42:54 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Michelle\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 581.52 Gb Total Space | 333.80 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MICHELLE-PC
    Current User Name: Michelle
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/25 09:40:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2009/09/15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/03/08 12:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
    PRC - [2007/12/27 15:39:30 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/25 09:40:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    MOD - [2010/09/20 20:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
    MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
    MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll
    MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2010/09/22 14:03:38 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/08 11:27:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/07/16 14:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
    SRV - [2008/05/29 09:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
    SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/27 15:39:30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
    SRV - [2007/12/27 15:39:20 | 000,051,816 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2010/08/31 23:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/14 12:17:23 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100923.039\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/14 12:17:23 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100923.039\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/28 20:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100924.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/05/27 20:21:43 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/27 20:21:43 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/03/30 23:25:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2009/10/15 04:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/11/04 09:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
    DRV - [2008/11/04 09:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
    DRV - [2008/11/04 09:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
    DRV - [2008/11/04 09:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
    DRV - [2008/11/04 09:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
    DRV - [2008/07/16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/06/27 16:09:12 | 000,096,512 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\archlp.sys -- (archlp)
    DRV - [2008/04/02 05:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/03/26 11:35:54 | 002,103,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

  7. #22
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    OTL.txt - Post 2

    DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/08/07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2007/06/24 21:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2007/06/24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2007/06/24 21:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2007/03/05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
    DRV - [2007/03/05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2007/03/05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2007/03/05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
    DRV - [2007/03/05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/10/30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2005/04/14 02:00:00 | 000,138,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0090Vid.sys -- (V0090VID)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr....media_a5518_uk

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/09/15 22:24:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/09/15 22:24:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 16:15:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 16:15:03 | 000,000,000 | ---D | M]

    [2009/12/22 14:13:49 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions
    [2010/09/11 10:23:04 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\extensions
    [2010/05/10 13:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/10 13:53:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/03/30 08:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/19 19:51:35 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/07/19 19:51:35 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/07/19 19:51:35 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/07/19 19:51:35 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/09/24 09:11:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Freecause Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FreecycleMemberBHO Class) - {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files\Freecycle\FreecycleMember.dll (Edward Hibbert (eh@dataconnection.com))
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()

  8. #23
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    OTL.txt - Post 3

    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/au...20091210075554 (PhotoboxPhotowaysUploader5 Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://quark.webex.com/client/T27L/event/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\cf - No CLSID value found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/25 09:39:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    [2010/09/24 09:20:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/09/24 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\temp
    [2010/09/24 09:11:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/09/24 08:55:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/09/22 17:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/09/22 17:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/09/22 17:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/09/22 17:41:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/22 17:41:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/20 20:57:45 | 000,093,056 | ---- | C] (GMER) -- C:\uwlcqkow.sys
    [2010/09/20 20:13:51 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michelle\Desktop\mbam-setup.exe
    [2010/09/17 19:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
    [2010/09/17 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\Malwarebytes
    [2010/09/17 19:23:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/09/17 19:23:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/09/17 19:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/17 19:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/09/17 15:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2010/09/15 20:03:36 | 000,000,000 | ---D | C] -- C:\Windows\LMID291.tmp
    [2010/09/15 17:00:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
    [2010/09/15 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\App Launcher Gadget
    [2010/09/15 12:57:14 | 000,000,000 | ---D | C] -- C:\Users\Michelle\desktop icons
    [2010/09/14 21:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/09/14 21:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/09/14 19:29:50 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\NPE
    [2010/09/14 19:27:33 | 000,000,000 | ---D | C] -- C:\Windows\LMI57EF.tmp
    [2010/09/09 18:53:12 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/09/02 15:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/02 15:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/09/01 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Documents\OneNote Notebooks
    [2010/08/31 19:54:20 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\Gumtree
    [2010/08/30 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/08/29 14:37:20 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\Adobe Mini Bridge CS5
    [2010/08/29 14:37:19 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/08/29 13:00:19 | 001,228,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Michelle\Photoshop_12_LS1.exe
    [2010/08/19 16:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/08/15 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Michelle\SoberServices
    [2010/08/12 09:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2010/08/10 13:40:48 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\FileOpen
    [2010/08/10 13:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
    [2010/08/08 20:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpen
    [2010/08/05 22:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/07/07 14:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/07/07 14:24:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2010/07/02 18:47:44 | 000,000,000 | ---D | C] -- C:\New Folder
    [2010/07/02 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Documents\redsn0w
    [2010/06/29 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/06/29 11:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010/06/29 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/06/29 11:15:32 | 001,228,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Michelle\InDesign_7_LS1.exe
    [2010/06/29 11:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
    [2009/07/08 11:53:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Michelle\AppData\Roaming\pcouffin.sys
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/25 09:43:47 | 002,025,636 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
    [2010/09/25 09:42:19 | 014,417,920 | -HS- | M] () -- C:\Users\Michelle\NTUSER.DAT
    [2010/09/25 09:40:57 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD27CBEB-6AA0-426C-BA3D-652FFABF076C}.job
    [2010/09/25 09:40:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    [2010/09/25 09:37:24 | 000,713,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/25 09:37:24 | 000,615,806 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/25 09:37:24 | 000,111,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/25 09:35:37 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/09/25 09:35:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/25 09:31:38 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/25 09:31:38 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/25 09:31:37 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/09/25 09:31:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/25 09:31:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/25 09:31:20 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/24 12:14:15 | 000,524,288 | -HS- | M] () -- C:\Users\Michelle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/24 12:14:15 | 000,065,536 | -HS- | M] () -- C:\Users\Michelle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/09/24 12:14:11 | 004,183,223 | -H-- | M] () -- C:\Users\Michelle\AppData\Local\IconCache.db
    [2010/09/24 11:57:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/24 09:13:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/09/24 09:11:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/09/24 08:54:47 | 003,851,266 | R--- | M] () -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2010/09/23 08:52:00 | 587,408,384 | ---- | M] () -- C:\Users\Michelle\Documents\Personal Folders.pst
    [2010/09/22 18:10:42 | 000,002,651 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2010/09/21 09:20:06 | 000,017,247 | ---- | M] () -- C:\Users\Michelle\Desktop\MY CHRISTMAS WISH LIST.docx
    [2010/09/21 09:13:52 | 000,000,870 | ---- | M] () -- C:\Users\Michelle\Desktop\Record Videos of Your Desktop on Any OS for Free - How-To Geek.url
    [2010/09/21 09:04:40 | 000,080,384 | ---- | M] () -- C:\Users\Michelle\Desktop\MBRCheck.exe
    [2010/09/20 23:03:18 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini
    [2010/09/20 21:14:11 | 000,525,824 | ---- | M] () -- C:\Users\Michelle\Desktop\dds.scr
    [2010/09/20 21:04:27 | 343,948,415 | ---- | M] () -- C:\Windows\MEMORY.DMP

  9. #24
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    OTL.txt - Post 4

    [2010/09/20 20:57:45 | 000,093,056 | ---- | M] (GMER) -- C:\uwlcqkow.sys
    [2010/09/20 20:53:17 | 000,293,376 | ---- | M] () -- C:\Users\Michelle\Desktop\GMER.exe
    [2010/09/20 20:15:16 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/20 20:13:53 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michelle\Desktop\mbam-setup.exe
    [2010/09/19 18:14:58 | 000,100,421 | ---- | M] () -- C:\Users\Michelle\Desktop\assert failed.jpg
    [2010/09/19 18:13:34 | 000,279,574 | ---- | M] () -- C:\Users\Michelle\Desktop\The dobbos on mappiness.jpg
    [2010/09/19 18:10:48 | 000,323,755 | ---- | M] () -- C:\Users\Michelle\Desktop\ON MAPPINESS.pdf
    [2010/09/19 18:10:00 | 001,894,720 | ---- | M] () -- C:\Users\Michelle\Desktop\ON MAPPINESS.docx
    [2010/09/17 19:33:59 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
    [2010/09/16 20:15:24 | 000,775,271 | ---- | M] () -- C:\Users\Michelle\Desktop\What is Data Execution Prevention.docx
    [2010/09/15 14:36:16 | 000,033,351 | ---- | M] () -- C:\Users\Michelle\Desktop\UnofficialCAUK2.docx
    [2010/09/14 21:31:28 | 000,000,036 | ---- | M] () -- C:\Users\Michelle\AppData\Local\housecall.guid.cache
    [2010/09/14 15:21:16 | 000,002,255 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/09/11 19:54:38 | 000,000,668 | ---- | M] () -- C:\Users\Michelle\AppData\Roaming\vso_ts_preview.xml
    [2010/09/11 19:00:39 | 000,047,616 | ---- | M] () -- C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/10 23:24:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/09/09 16:44:21 | 000,000,978 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\InDesign.lnk
    [2010/08/29 21:54:21 | 000,002,453 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\QuarkXPress.lnk
    [2010/08/29 13:50:32 | 000,000,806 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent.exe.lnk
    [2010/08/29 13:49:18 | 000,001,002 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5.lnk
    [2010/08/29 13:19:22 | 1026,293,791 | ---- | M] () -- C:\Users\Michelle\Photoshop_12_LS1.7z
    [2010/08/13 11:15:43 | 000,000,680 | ---- | M] () -- C:\Users\Michelle\AppData\Local\d3d9caps.dat
    [2010/08/13 10:37:19 | 004,250,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/08/05 22:23:15 | 000,000,945 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/27 18:57:41 | 000,002,609 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
    [2010/07/18 22:00:34 | 000,294,060 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2010/07/07 14:26:23 | 000,214,752 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
    [2010/06/29 11:25:47 | 751,253,252 | ---- | M] () -- C:\Users\Michelle\InDesign_7_LS1.7z
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/22 17:41:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/09/22 17:41:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/09/22 17:41:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/09/22 17:41:53 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/09/22 17:41:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/09/22 17:34:52 | 003,851,266 | R--- | C] () -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2010/09/21 09:13:52 | 000,000,870 | ---- | C] () -- C:\Users\Michelle\Desktop\Record Videos of Your Desktop on Any OS for Free - How-To Geek.url
    [2010/09/21 09:04:37 | 000,080,384 | ---- | C] () -- C:\Users\Michelle\Desktop\MBRCheck.exe
    [2010/09/20 21:14:07 | 000,525,824 | ---- | C] () -- C:\Users\Michelle\Desktop\dds.scr
    [2010/09/20 20:54:46 | 343,948,415 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/09/20 20:53:15 | 000,293,376 | ---- | C] () -- C:\Users\Michelle\Desktop\GMER.exe
    [2010/09/19 18:14:56 | 000,100,421 | ---- | C] () -- C:\Users\Michelle\Desktop\assert failed.jpg
    [2010/09/19 18:13:32 | 000,279,574 | ---- | C] () -- C:\Users\Michelle\Desktop\The dobbos on mappiness.jpg
    [2010/09/19 18:10:47 | 000,323,755 | ---- | C] () -- C:\Users\Michelle\Desktop\ON MAPPINESS.pdf
    [2010/09/19 18:09:58 | 001,894,720 | ---- | C] () -- C:\Users\Michelle\Desktop\ON MAPPINESS.docx
    [2010/09/18 12:24:20 | 000,017,247 | ---- | C] () -- C:\Users\Michelle\Desktop\MY CHRISTMAS WISH LIST.docx
    [2010/09/17 19:33:59 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
    [2010/09/17 19:23:33 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/15 21:38:47 | 3488,800,768 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/15 16:56:00 | 000,775,271 | ---- | C] () -- C:\Users\Michelle\Desktop\What is Data Execution Prevention.docx
    [2010/09/15 14:36:15 | 000,033,351 | ---- | C] () -- C:\Users\Michelle\Desktop\UnofficialCAUK2.docx
    [2010/09/14 21:31:28 | 000,000,036 | ---- | C] () -- C:\Users\Michelle\AppData\Local\housecall.guid.cache
    [2010/09/09 16:44:21 | 000,000,978 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\InDesign.lnk
    [2010/09/03 13:38:17 | 000,002,255 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/08/29 13:50:32 | 000,000,806 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent.exe.lnk
    [2010/08/29 13:49:18 | 000,001,002 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5.lnk
    [2010/08/29 13:00:19 | 1026,293,791 | ---- | C] () -- C:\Users\Michelle\Photoshop_12_LS1.7z
    [2010/08/13 11:06:39 | 000,000,680 | ---- | C] () -- C:\Users\Michelle\AppData\Local\d3d9caps.dat
    [2010/08/05 22:23:15 | 000,000,945 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/07 14:22:45 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2010/07/07 14:22:45 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2010/07/07 14:22:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2010/06/29 11:15:32 | 751,253,252 | ---- | C] () -- C:\Users\Michelle\InDesign_7_LS1.7z
    [2009/12/30 12:18:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Resources
    [2009/12/30 12:18:46 | 000,000,268 | RH-- | C] () -- C:\Users\Michelle\AppData\Roaming\Quartz Composer
    [2009/12/30 12:18:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/12/30 12:18:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sample Delay
    [2009/12/29 15:39:40 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/12/29 15:39:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2009/12/29 15:39:37 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/12/29 15:39:37 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/12/29 15:39:35 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/12/29 15:39:35 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2009/11/17 15:15:46 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/11/17 15:15:46 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/16 22:35:12 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
    [2009/07/16 21:50:40 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
    [2009/07/16 21:50:40 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
    [2009/07/16 21:48:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/07/16 21:37:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDE RX620EI.ini
    [2009/07/12 16:08:15 | 000,336,896 | ---- | C] () -- C:\Windows\System32\ammppg.dll
    [2009/07/12 16:08:15 | 000,303,104 | ---- | C] () -- C:\Windows\System32\qscl.dll
    [2009/07/12 16:08:15 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009/07/12 16:08:15 | 000,212,992 | ---- | C] () -- C:\Windows\System32\amrdec.dll
    [2009/07/12 16:08:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\qcpsdk.dll
    [2009/07/12 16:08:15 | 000,073,728 | ---- | C] () -- C:\Windows\System32\a1.dll
    [2009/07/09 15:38:35 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
    [2009/07/09 11:41:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/07/08 21:03:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/07/08 16:53:59 | 000,000,668 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\vso_ts_preview.xml
    [2009/07/08 11:54:23 | 000,000,034 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\pcouffin.log
    [2009/07/08 11:53:52 | 000,007,887 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\pcouffin.cat
    [2009/07/08 11:53:52 | 000,001,144 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\pcouffin.inf
    [2009/07/08 09:34:24 | 000,000,094 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\wklnhst.dat
    [2009/07/07 21:25:29 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/07/07 20:00:52 | 000,047,616 | ---- | C] () -- C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/02 20:48:27 | 000,096,512 | ---- | C] () -- C:\Windows\System32\drivers\archlp.sys
    [2009/04/02 20:41:52 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2009/03/21 08:20:51 | 000,000,564 | ---- | C] () -- C:\Windows\System32\hidservice.ini
    [2009/03/21 08:18:00 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/12/07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/09/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\App Launcher Gadget
    [2010/09/09 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/07/16 22:18:23 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\EPSON
    [2010/03/02 23:17:16 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Facebook
    [2010/08/10 13:40:48 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\FileOpen
    [2009/12/22 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\FileZilla
    [2010/02/18 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\GARMIN
    [2009/12/30 12:35:14 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Nikon
    [2009/07/08 10:15:22 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Packard Bell
    [2009/07/07 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Quark
    [2009/07/16 22:36:04 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Smart Panel
    [2010/08/29 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/04/15 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Template
    [2010/04/01 23:42:50 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Tific
    [2010/09/18 22:25:54 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\uTorrent
    [2010/09/11 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Vso
    [2010/03/23 11:39:36 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\webex
    [2010/09/24 12:14:17 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/25 09:40:57 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD27CBEB-6AA0-426C-BA3D-652FFABF076C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/03/21 14:58:32 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/09/24 09:20:31 | 000,023,985 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/08/08 20:08:59 | 000,004,037 | ---- | M] () -- C:\CtDrvStp.log
    [2010/09/25 09:31:20 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/25 09:31:18 | 3802,415,104 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/21 08:18:47 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2010/09/20 20:57:45 | 000,093,056 | ---- | M] (GMER) -- C:\uwlcqkow.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/08 21:16:28 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 10:46:04 | 000,034,816 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0LPP01.DLL
    [2006/11/02 10:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/03/21 14:58:18 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2009/03/21 14:58:12 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2009/03/21 14:58:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2009/03/21 14:58:28 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2009/03/21 14:58:30 | 006,680,576 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/08 12:48:02 | 000,000,286 | -HS- | M] () -- C:\Users\Michelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/24 08:54:47 | 003,851,266 | R--- | M] () -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2010/09/20 20:53:17 | 000,293,376 | ---- | M] () -- C:\Users\Michelle\Desktop\GMER.exe
    [2010/09/20 20:13:53 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michelle\Desktop\mbam-setup.exe
    [2010/09/21 09:04:40 | 000,080,384 | ---- | M] () -- C:\Users\Michelle\Desktop\MBRCheck.exe
    [2010/09/25 09:40:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

  10. #25
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    OTL.txt - Post 5 (FINAL)

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/06/29 11:25:53 | 001,228,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Michelle\InDesign_7_LS1.exe
    [2010/08/29 13:19:27 | 001,228,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Michelle\Photoshop_12_LS1.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/07/08 21:31:43 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/07/08 21:31:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/07/08 21:31:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/07/08 21:31:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/07/08 21:31:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/07/08 21:31:13 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/07/07 19:07:20 | 000,000,402 | -HS- | M] () -- C:\Users\Michelle\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/25 09:31:37 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/12/30 12:18:46 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Resources
    [2009/12/30 12:18:46 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Sample Delay

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-15 12:08:33

    < End of report >

  11. #26
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    Extras.txt (Post 1 of 2)

    OTL Extras logfile created on: 25/09/2010 09:42:54 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Michelle\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 581.52 Gb Total Space | 333.80 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MICHELLE-PC
    Current User Name: Michelle
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06E8EC48-9B14-4EF1-BBA5-98300E546028}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
    "{2010FA3D-3C45-4F50-8058-E01536886C24}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
    "{31EC1066-8B33-45C5-838A-DE2C276D6328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{608E673F-CC24-4716-B3A9-00748DB392ED}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{8C3302C9-FED3-4BF6-B3AD-11DA46F6A601}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{A6176AB5-7D6B-49D3-9F81-4EC854F24CAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F9C6C22B-6844-4290-A0F6-194167004E5E}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{013B0D67-D4A8-4AAF-99E3-68AAB1BE4BAA}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe |
    "{2025AA85-DB83-48F9-908D-95BDAFFB3788}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{3DFFC60E-6DAE-42F2-A005-087A7C6E723B}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe |
    "{4CCAD550-9F39-4C87-952A-7D9B8725CA9E}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
    "{614A0B3E-FAFE-4A43-B763-ED3D39F4E792}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe |
    "{6DF52180-72D1-4EFD-AB22-91490E86AACC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6E3ED1FA-209C-4B19-B2E1-5ED81C453879}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe |
    "{6FEE9C19-DADF-4C35-A64F-589315C9FB29}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{7059F578-ED98-434D-A4EC-7192E9FD2677}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
    "{7F4FC8E9-9D9A-4CDC-B6C2-444A46574C33}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{9059F0CE-E912-4960-813D-D84E6E5F0A6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{94A17803-39AA-40B9-B9C8-EF408F77C7F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A112473A-D492-4BD8-B283-A90C4822C816}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{C1BD7C6A-2643-4015-8363-DAA0484ACF9E}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
    "{C86915DA-613C-44B6-82A9-34FB5A034ACF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CFB99A36-D10A-428C-8C4B-24F12F3D6665}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D63BB8F8-5F1E-40FB-9252-D43C5A7DE6AE}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
    "{D9CE49A4-E7DC-4404-BC1F-16B779006A07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E929E908-73BD-4C1B-AC39-090BE9383C85}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{ECCD9312-CCB4-4DE4-AAC7-243ED0821067}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{EE48E286-B3B3-4A63-8859-916D663141FA}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
    "{F9876AAF-0BFC-442A-A0E4-5943D2008AC4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{FA83195F-8CD3-49CE-AB07-11F3666EEFA3}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{1240A058-8BCE-4A3B-BF82-6E5B801D71BA}" = Garmin City Navigator Europe NT 2009 Update
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
    "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.7
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

  12. #27
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    Extras.txt (Post 2 of 2)

    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A4E56BBF-A48B-4D90-8C48-22DB3E244E46}" = Freecycle Internet Explorer Plugin
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CBE3C837-EDFB-427E-BB82-A4B31EDF07FF}" = ArcSoft TotalMedia Extreme
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
    "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "7-Zip" = 7-Zip 9.15 beta
    "ActiveTouchMeetingClient" = WebEx
    "AddThis Toolbar" = AddThis Toolbar
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Akamai" = Akamai NetSession Interface
    "AviSynth" = AviSynth 2.5
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)
    "Creative WebCam Center" = Creative WebCam Center
    "Creative WebCam Vista Plus User's Guide English" = Creative WebCam Vista Plus User's Guide (English)
    "EasyBits Magic Desktop" = EasyBits Magic Desktop
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "ESPRX620 Series Reference Guide" = ESPRX620 Series Reference Guide
    "ESPRX620 Software Guide" = ESPRX620 Software Guide
    "FileASSASSIN" = FileASSASSIN
    "FileZilla Client" = FileZilla Client 3.3.0.1
    "Get Yahoo! Messenger" = Get Yahoo! Messenger
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full)
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
    "MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 8.0
    "N360" = Norton 360
    "Nikon FotoShare" = Nikon FotoShare
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PowerISO" = PowerISO
    "RealPlayer 12.0" = RealPlayer
    "RocketDock_is1" = RocketDock 1.3.5
    "The Extractor1.4.1" = The Extractor
    "VLC media player" = VLC media player 1.0.0
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Works9SE" = Microsoft Works 9.0 SE
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "uTorrent" = µTorrent
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/09/2010 15:43:58 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: cc4 Start Time: 01cb55d71ad42300 Termination Time: 0

    Error - 16/09/2010 15:46:04 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 138 Start Time: 01cb55d78150dc90 Termination Time: 0

    Error - 16/09/2010 15:48:55 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: e9c Start Time: 01cb55d7cc916350 Termination Time: 0

    Error - 16/09/2010 16:03:38 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: f10 Start Time: 01cb55d8326f6be0 Termination Time: 0

    Error - 16/09/2010 16:09:56 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: ee0 Start Time: 01cb55da40d73f80 Termination Time: 0

    Error - 16/09/2010 16:10:52 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1638 Start Time: 01cb55db220e1ff0 Termination Time: 0

    Error - 16/09/2010 17:42:33 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 37c Start Time: 01cb55db431f8c60 Termination Time: 0

    Error - 16/09/2010 17:53:04 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: eec Start Time: 01cb55e8125e6530 Termination Time: 0

    Error - 16/09/2010 17:54:18 | Computer Name = Michelle-PC | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1004 Start Time: 01cb55e98a5d2020 Termination Time: 0

    Error - 17/09/2010 09:42:44 | Computer Name = Michelle-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 10/02/2010 15:46:37 | Computer Name = Michelle-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22180
    seconds with 1860 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 24/09/2010 03:42:50 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 24/09/2010 03:42:50 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 24/09/2010 03:58:33 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 24/09/2010 04:09:03 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 24/09/2010 04:09:11 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 24/09/2010 04:12:12 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 24/09/2010 04:12:12 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 24/09/2010 04:16:03 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 25/09/2010 04:32:52 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 25/09/2010 04:32:52 | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >


  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
      [2010/08/12 09:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
      [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  14. #29
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    OTL SCAN LOG

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    C:\ProgramData\F-Secure\Daas2\cert folder moved successfully.
    C:\ProgramData\F-Secure\Daas2 folder moved successfully.
    C:\ProgramData\F-Secure folder moved successfully.
    C:\Windows\LMI57EF.tmp\rescue.log deleted successfully.
    C:\Windows\LMI57EF.tmp folder deleted successfully.
    C:\Windows\LMID291.tmp\ICSAgent32.dll deleted successfully.
    C:\Windows\LMID291.tmp\LMIRhook.000.dll deleted successfully.
    C:\Windows\LMID291.tmp\lmi_rescue.exe deleted successfully.
    C:\Windows\LMID291.tmp\logo.bmp deleted successfully.
    C:\Windows\LMID291.tmp\params.txt deleted successfully.
    C:\Windows\LMID291.tmp\ra64app.exe deleted successfully.
    C:\Windows\LMID291.tmp\rahook.dll deleted successfully.
    C:\Windows\LMID291.tmp\rarcc.dll deleted successfully.
    C:\Windows\LMID291.tmp\rescue.ico deleted successfully.
    C:\Windows\LMID291.tmp\rescue.log deleted successfully.
    C:\Windows\LMID291.tmp\session.log deleted successfully.
    C:\Windows\LMID291.tmp folder deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Michelle
    ->Temp folder emptied: 241095 bytes
    ->Temporary Internet Files folder emptied: 22019945 bytes
    ->Java cache emptied: 30266821 bytes
    ->FireFox cache emptied: 31901429 bytes
    ->Flash cache emptied: 65476 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49791 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Michelle
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 09262010_155710

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  15. #30
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    checkup.txt

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton Internet Security
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.5.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •