|
-
August 20th, 2010, 09:11 AM
#16
 Originally Posted by crunchie
Might be something blocking it. Any chance you can run it in safe mode for me please?
How is the pc at the moment?
No worries. Will run in safe mode once. The PC has been running well, haven't used firefox a lot coz have been running all the scans. Haven't seen any random websites pop up automatically in the little time it has been running. Will monitor for a little more time and post the findings tomorrow.
-
August 20th, 2010, 09:16 AM
#17
No worries  .
-
August 20th, 2010, 10:30 AM
#18
Securitycheck.exe ran successfully in safe mode. Here is the checkup.txt file:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
McAfee SecurityCenter
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Chinese Simplified Fonts Support For Adobe Reader 8
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)
``````````End of Log````````````
-
August 20th, 2010, 09:14 PM
#19
Have you disabled the Security Centre Service?
IE7 upgrade is really optional and a personal choice, but you should think about it.
====
Let me know if anything untoward is still happening with the pc.
-
August 20th, 2010, 10:04 PM
#20
Originally Posted by crunchie
Have you disabled the Security Centre Service?
IE7 upgrade is really optional and a personal choice, but you should think about it.
====
Let me know if anything untoward is still happening with the pc.
Security Center Service is definitely enabled. Maybe it got disabled in safe mode. IE7 upgrade is not really required, since I have moved on to firefox a while back and don't really use IE anymore.
By the way, a new tab for www.searchwidgets.com.au appeared on its own while browsing today. Maybe there's still a bug in the system. Should I rerun all the scans?
-
August 20th, 2010, 10:18 PM
#21
Are you using the latest FireFox?
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
August 21st, 2010, 12:31 AM
#22
Part 1 of OTL.txt log:
OTL logfile created on: 21/08/2010 12:55:52 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Niketu Gohil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 4.44 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUPERCOMP
Current User Name: Niketu Gohil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/21 12:53:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Niketu Gohil\Desktop\OTL.exe
PRC - [2010/08/11 22:40:27 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/27 19:08:35 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 03:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/04 02:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/07/22 22:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/07/18 17:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/13 16:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/05/17 17:43:18 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
========== Modules (SafeList) ==========
MOD - [2010/08/21 12:53:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Niketu Gohil\Desktop\OTL.exe
MOD - [2010/05/06 18:58:39 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/05/17 16:33:10 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/05/17 16:31:18 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/08/11 22:40:27 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/13 21:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/21 04:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/10/18 21:47:14 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/08/24 03:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/04 02:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/08/03 14:09:34 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/07/22 22:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/07/18 17:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
-
August 21st, 2010, 12:33 AM
#23
Part 2 of OTL.txt log:
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/08/11 22:41:26 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 18:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/10/21 04:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/18 21:47:06 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/18 21:47:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 04:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 02:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/13 08:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/06 17:39:32 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 17:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 16:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/08 23:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 23:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 23:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 23:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/04/23 23:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 23:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 23:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/31 00:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 21:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/22 21:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/22 21:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 21:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/14 12:37:08 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV - [2006/12/18 21:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 14:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/09/13 01:00:00 | 000,173,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0330Vid.sys -- (V0330VID)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 13:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 13:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com.au/ig/dell?hl=...au&ibd=2071213
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com.au/ig/dell?hl=...au&ibd=2071213
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com.au/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/08 20:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/13 22:32:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 17:48:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 23:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/08 20:02:03 | 000,000,000 | ---D | M]
[2009/11/28 09:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Mozilla\Extensions
[2009/11/28 09:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Mozilla\Extensions\[email protected]
[2010/08/20 21:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Mozilla\Firefox\Profiles\gntuhfem.default\extensions
[2010/05/04 07:03:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Niketu Gohil\Application Data\Mozilla\Firefox\Profiles\gntuhfem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 22:39:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Niketu Gohil\Application Data\Mozilla\Firefox\Profiles\gntuhfem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/10 16:26:08 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Application Data\Mozilla\Firefox\Profiles\gntuhfem.default\searchplugins\askcom.xml
[2010/08/20 21:51:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 23:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/07/02 12:25:00 | 002,416,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
[2010/08/19 23:10:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 22:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
-
August 21st, 2010, 12:34 AM
#24
Part 3 of OTL.txt log:
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://supportapj.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01f67c6c-be53-11de-a9e9-001dd9e942f8}\Shell - "" = AutoRun
O33 - MountPoints2\{01f67c6c-be53-11de-a9e9-001dd9e942f8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01f67c6c-be53-11de-a9e9-001dd9e942f8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{2734758b-db23-11de-aa3c-001dd9e942f8}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{2fcfaeb8-e877-11dd-a867-001dd9e942f8}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcfaeb8-e877-11dd-a867-001dd9e942f8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2fcfaeb8-e877-11dd-a867-001dd9e942f8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f3368dd8-c28b-11de-a9f4-001dd9e942f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f3368dd8-c28b-11de-a9f4-001dd9e942f8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3368dd8-c28b-11de-a9f4-001dd9e942f8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
-
August 21st, 2010, 12:35 AM
#25
Part 4 of OTL.txt log:
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (112603601435623424)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/21 12:53:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Niketu Gohil\Desktop\OTL.exe
[2010/08/21 12:28:40 | 000,000,000 | ---D | C] -- C:\XPSetup
[2010/08/19 23:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/19 23:08:06 | 000,000,000 | ---D | C] -- C:\TEMP
[2010/08/19 23:08:01 | 000,000,000 | ---D | C] -- C:\Sun
[2010/08/19 22:57:45 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Niketu Gohil\Desktop\JavaRa.exe
[2010/08/19 22:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niketu Gohil\Desktop\GooredFix Backups
[2010/08/19 22:53:54 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Niketu Gohil\Desktop\GooredFix.exe
[2010/08/15 13:19:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/15 13:19:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/15 13:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/13 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/08/13 22:30:12 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/08/13 22:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/08/12 19:03:16 | 000,000,000 | ---D | C] -- C:\711 Email Archives
[2010/08/04 22:38:13 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/04 22:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Sunbelt Software
[2010/08/04 22:31:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/06/12 12:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\jvibvsbpw
[2010/06/12 12:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\cxhdfu
[2010/05/30 11:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niketu Gohil\Application Data\VMware
[2010/05/30 11:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/05/30 11:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2010/05/28 23:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/28 23:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/07 21:47:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Niketu Gohil\Application Data\pcouffin.sys
========== Files - Modified Within 90 Days ==========
[2010/08/21 12:53:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Niketu Gohil\Desktop\OTL.exe
[2010/08/21 12:22:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 11:20:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/21 11:19:22 | 000,060,479 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/21 11:19:21 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/08/21 11:19:15 | 000,081,376 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/08/21 11:18:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/21 11:18:32 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 11:17:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/21 11:17:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/21 11:17:36 | 2145,579,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 00:46:56 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\NTUSER.DAT
[2010/08/21 00:23:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Niketu Gohil\ntuser.ini
[2010/08/20 23:55:20 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Why Your Job Won.doc
[2010/08/20 22:33:35 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\SecurityCheck.exe
[2010/08/20 10:22:52 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/19 22:53:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Niketu Gohil\Desktop\GooredFix.exe
[2010/08/19 21:54:22 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\gmer.zip
[2010/08/19 21:53:29 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\dds.scr
[2010/08/19 18:49:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/08/17 01:00:04 | 000,457,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/17 01:00:04 | 000,077,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 13:41:42 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Virtualdr.doc
[2010/08/15 13:19:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/08/13 22:49:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/13 22:49:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/13 22:32:10 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/08/13 17:58:55 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 20:43:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/09 14:51:12 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Niketu Gohil\Desktop\JavaRa.exe
[2010/08/08 14:09:10 | 000,002,758 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Deutsch.lng
[2010/08/08 14:08:52 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Suomi.lng
[2010/08/08 14:08:40 | 000,003,027 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Français.lng
[2010/08/08 14:08:20 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Italiano.lng
[2010/08/08 14:08:04 | 000,002,946 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Español.lng
[2010/08/08 14:07:50 | 000,003,127 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Nederlands.lng
[2010/08/05 19:00:33 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/04 22:38:12 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/04 22:31:19 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/04 20:04:12 | 000,030,743 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\error.JPG
[2010/08/04 19:56:50 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 19:56:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/04 19:56:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/03 19:19:32 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Calendar.lnk
[2010/08/01 13:24:58 | 000,322,351 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\JavaRa.def
[2010/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/21 18:00:21 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/18 12:16:46 | 003,182,508 | -H-- | M] () -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\IconCache.db
[2010/07/18 11:09:08 | 000,081,376 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/17 00:10:00 | 000,943,553 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Ongoing Contract - Niketu Gohil.pdf
[2010/07/12 18:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 18:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/09 21:16:59 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/07/04 22:10:11 | 000,003,859 | ---- | M] () -- C:\WINDOWS\ENTPACK.INI
[2010/07/04 20:47:14 | 000,000,466 | ---- | M] () -- C:\WINDOWS\FUJIGOLF.INI
[2010/06/23 19:13:05 | 000,528,412 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/10 23:16:15 | 000,351,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 22:14:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 10:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/05/30 11:18:30 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/05/28 23:19:28 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\My Documents\Home.kmz
[2010/05/28 23:09:50 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Niketu Gohil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/28 23:09:07 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2010/08/21 00:24:34 | 2145,579,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/20 23:55:19 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Why Your Job Won.doc
[2010/08/19 23:11:43 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\SecurityCheck.exe
[2010/08/19 22:57:45 | 000,322,351 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\JavaRa.def
[2010/08/19 22:57:45 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Nederlands.lng
[2010/08/19 22:57:45 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Français.lng
[2010/08/19 22:57:45 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Español.lng
[2010/08/19 22:57:45 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Italiano.lng
[2010/08/19 22:57:45 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Deutsch.lng
[2010/08/19 22:57:45 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Suomi.lng
[2010/08/19 21:54:57 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\gmer.exe
[2010/08/19 21:54:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\gmer.zip
[2010/08/19 21:53:23 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\dds.scr
[2010/08/15 13:41:40 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Virtualdr.doc
[2010/08/15 13:19:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/13 22:49:22 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/08/13 22:49:22 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/08/13 22:32:10 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/08/04 22:31:19 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/04 20:04:12 | 000,030,743 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\error.JPG
[2010/08/03 19:19:32 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Calendar.lnk
[2010/07/17 00:10:00 | 000,943,553 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Desktop\Ongoing Contract - Niketu Gohil.pdf
[2010/07/09 21:16:59 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/05/28 23:19:28 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\My Documents\Home.kmz
[2010/05/28 23:09:50 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/05/28 23:09:50 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/28 23:09:07 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/28 23:01:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 23:01:20 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/06 19:58:38 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/12/03 22:12:54 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/12/03 22:12:54 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/21 04:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/23 00:46:28 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/17 14:32:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/05/07 18:36:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\.ini
[2009/04/27 12:13:53 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\FASTWiz.log
[2009/02/22 13:11:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/02/07 17:22:38 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/07 17:22:35 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/07 17:22:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/02/07 17:22:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/07 17:22:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/15 22:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2008/10/04 16:10:27 | 000,002,436 | ---- | C] () -- C:\WINDOWS\dep32ceg.dll
[2008/10/04 16:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spr32snl.dll
[2008/10/04 16:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopb32ul.dll
[2008/10/04 16:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopa32ul.dll
[2008/09/07 21:47:43 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\vso_ts_preview.xml
[2008/09/07 21:47:26 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\pcouffin.log
[2008/09/07 21:47:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\pcouffin.cat
[2008/09/07 21:47:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\pcouffin.inf
[2008/08/11 22:30:20 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/11 22:30:20 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/07/11 23:48:35 | 000,208,976 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/04/24 22:42:11 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/16 21:30:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/03/23 12:50:47 | 000,000,210 | ---- | C] () -- C:\WINDOWS\POD.INI
[2008/02/24 16:53:32 | 000,000,466 | ---- | C] () -- C:\WINDOWS\FUJIGOLF.INI
[2008/02/23 10:47:26 | 000,003,859 | ---- | C] () -- C:\WINDOWS\ENTPACK.INI
[2008/02/18 21:50:40 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2008/02/18 20:47:34 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2008/02/01 21:27:10 | 000,000,112 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/29 17:49:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Niketu Gohil.ini
[2007/12/21 09:28:46 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 00:48:35 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\openList.awt
[2007/12/21 00:48:35 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\closedList.awt
[2007/12/20 16:43:38 | 000,007,372 | ---- | C] () -- C:\Documents and Settings\Niketu Gohil\Application Data\wklnhst.dat
[2007/12/13 02:10:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/13 02:01:49 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/12/13 02:01:40 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/12/13 02:01:17 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/13 02:01:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/13 01:26:42 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/12/13 01:26:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/13 01:26:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/13 01:26:16 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/13 01:26:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/13 01:24:54 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/05/17 16:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 16:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/02/17 14:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
-
August 21st, 2010, 12:36 AM
#26
Part 5 of OTL.txt log:
========== LOP Check ==========
[2008/03/09 14:03:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/13 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/12 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/01/18 11:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/07/19 11:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/05/08 19:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009/07/20 19:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/28 05:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/12/13 02:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2007/12/13 02:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/21 11:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/28 09:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/02/14 08:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/10/05 20:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/04 22:31:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/17 23:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\BitTorrent
[2009/01/15 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Canneverbe_Limited
[2008/09/07 01:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\DeepBurner
[2009/05/09 12:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\DNA
[2009/09/12 15:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\FileZilla
[2009/07/17 14:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Focus Mp3 Recorder
[2009/07/02 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\FUJIFILM
[2009/04/24 22:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Leadertech
[2010/01/09 10:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Nokia
[2008/01/18 01:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\NSeries
[2010/05/21 23:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\PC Suite
[2010/03/27 22:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\SmartDraw
[2009/11/05 03:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Sowedoo Software
[2007/12/20 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Template
[2009/11/28 09:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\TomTom
[2009/04/26 11:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\VCE Testing System
[2009/06/12 23:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Vso
[2010/03/30 20:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niketu Gohil\Application Data\Wireshark
[2010/08/21 11:20:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/08/21 11:19:21 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/16 22:48:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/16 22:48:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\XPSetup\i386\sp2.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\XPSetup\i386\AGP440.SYS
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/16 22:48:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/16 22:48:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\XPSetup\i386\sp2.cab:atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\XPSetup\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\XPSetup\i386\eventlog.dll
< MD5 for: IASTOR.SYS >
[2007/05/08 22:22:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\storage\R154200\iastor.sys
[2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\i386\iastor.sys
[2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iastor.sys
[2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\XPSetup\i386\iastor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\XPSetup\i386\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\XPSetup\i386\scecli.dll
[2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Niketu Gohil\Desktop\MCSE.bat:�SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Niketu Gohil\My Documents\Webshots Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Niketu Gohil\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP FC5A2B2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
-
August 21st, 2010, 12:40 AM
#27
Part 1 of Extras.txt log:
OTL Extras logfile created on: 21/08/2010 12:55:52 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Niketu Gohil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 4.44 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUPERCOMP
Current User Name: Niketu Gohil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [easypdfconverter6] -- "C:\Program Files\Sowedoo Software\Easy PDF Converter 6\EasyPDFConverter.exe" "%l" (Sowedoo Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
-
August 21st, 2010, 12:41 AM
#28
Part 2 of Extras.txt log:
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNetisabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
-
August 21st, 2010, 12:45 AM
#29
Part 3 of Extras.txt log:
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Testout\CMI\Navigator.exe" = D:\Testout\CMI\Navigator.exe:*isabled:TestOut Navigator -- File not found
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*isabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe" = C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe:*isabled:TestOut Navigator -- File not found
-
August 21st, 2010, 12:46 AM
#30
Part 4 of Extras.txt log:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabledell Network Assistant -- (SingleClick Systems)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:EnabledNA -- (BitTorrent, Inc.)
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*isabled:TestOut Navigator -- (TestOut Corporation)
"C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- File not found
"C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Niketu Gohil\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe" = C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe:*isabled:TestOut Navigator -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
