Tidserv Activity 2


Tidserv Activity 2

Post by rich_hilton on Thu 15 Dec 2011, 10:46 am

Hello,
I have been struggling for the last three days to remove a tidserv trojan from my XP desktop.
I was "assisted" by Symantec's Indian subcontractors over a number of hours with no good result. Previously, I had applied Symantec's FixTDSS.exe and Kaspersky's TDSSKiller.exe to no avail - neither of them could find tidserv even though then (and now) I have a persistent little Norton popup box telling me "Threat requiring manual removal detected: System Infected: Tidserv Activity 2."
I also have another persistent popup informing me that Malwarebytes has successfully blocked an (outgoing) attempt to connect with (one of several) potentially malicious websites.
I was unable to attach the requested log files in the usual manner or paste them in here so I had to upload them to my website cliveburton.com – please look for them there.
I certainly hope you can help me get rid of this nasty trojan which Norton Internet Security let through onto my system and they were of no use whatsoever in removing it.
I certainly do not want to go through the agony of reverting my system to factory state (as Symantec suggested) then spending many hours reinstating all my many applications from scratch (rather than from a backup image potentially still infected).
Any help you can give will be greatly appreciated!
Best regards
Clive Burton (PhD- physics)

rich_hilton

Newbie Surfer

Posts : 30
Joined : 2011-12-14
Operating System : XP and Vista


Re: Tidserv Activity 2

Post by Superdave on Thu 15 Dec 2011, 1:17 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
I was unable to attach the requested log files in the usual manner or paste them in here so I had to upload them to my website cliveburton.com – please look for them there.
What happens when you try to paste the logs? You may have to break the logs up into two or more posts.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************
Download DDS from HERE or HERE and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt. Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Tidserv Activity 2

Post by rich_hilton on Fri 16 Dec 2011, 6:28 am

Hello Dave
Thank you so much for your offer of assistance.
Well - I succeeded in installing and running Superantispyware but am afraid I can't do much with the results because everything I now go to do on the infected computer (my desktop) doesn't work anymore.
I consistently get messages saying that this that or the other .dll or .ime object "is not a valid Windows image" or that there is not enough system resource to carry out the task.
I am seeing a lot of what I class as memory leaks – screen images overlaying one another with transparent windows in them.
When I go to check on free space on the C drive (I believe there is well over 10 Gb) I see that used space and the free space are both reported as zero.
I can’t take any more pictures of my desktop because Jing isn’t working anymore.
I have to leave for an appointment in ten minutes so I’ll have to be quick here.
Please have a look at [You must be registered and logged in to see this link.] Trojan Removal
This contains all the logs and some images of the Superantispy runs I did. I haven’t attempted to fix anything thus far.
I can’t do any better with sending you information at the moment.
Whenever I try to paste text logs here or attach files here I run into problems.
The files bring up an “invalid file” message and the pastes just don’t happen – this is from my laptop which appears to be working just fine.
I would like to run chkdsk on my desktop C drive but will await your instructions.
gottago
Best regards
Clive


Re: Tidserv Activity 2

Post by Superdave on Fri 16 Dec 2011, 7:18 am

I would like to run chkdsk on my desktop C drive but will await your instructions.
Go ahead and run chkdsk, if you can.
BTW, that link doesn't work.


Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.


Re: Tidserv Activity 2

Post by rich_hilton on Fri 16 Dec 2011, 10:56 am

Dave
Thank you for your reply - sorry - the link didn't copy properly - please go to:-
[You must be registered and logged in to see this link.]
I will do the other things you suggested.
Best regards
Clive


Re: Tidserv Activity 2

Post by rich_hilton on Sat 17 Dec 2011, 4:08 pm

Hi Dave
I had a lot of trouble with blue screens of death and have been unable to run chkdsk so far - however DrWeb LiveCD is running through all my HDDs and has so far identified two trojans though their names are hardly readable - look like TrojanSlgger2.8966 (the 9 could be a 5 but I don't think so) - it's in an exe file the name of which I cannot read. The other is Trojan.NulDrop3.17529 in SkypeSecrets.exe
DrWeb has been going for 13 hours so far and has only gone through 518344 files so there is a loooong way to go.
Suggestions please.
I'm thinking I may have to delete the boot partition and start again.
I've got an old copy of Ghost that I believe works on XP. Is that a good way of deleting and reinstating the boot partition without affecting the secondary partition? Will that really clobber a boot sector trojan?
Best regards
Clive


Re: Tidserv Activity 2

Post by Superdave on Sun 18 Dec 2011, 5:39 am

Here's another boot disk with which you may have more luck.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

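The OTL.txt that this scan writes lists every service and driver in a fixed per-line format, and reading a few hundred such lines by hand is slow; the Python script below is an added example (not OTL's own code and not part of this thread) that parses those lines and ranks the entries a reviewer looks at first. The sample lines are copied from the OTL log posted later in the thread; the priority weights and the 30-day "recently modified" window are my own assumptions for illustration.

```python
"""Triage helper for the SRV/DRV sections of an OTL / OTLPE log (added example).

Ranks the entries a reviewer usually checks first:
  * "File not found": the registry points at a file OTL could not locate
    (boot-/system-start drivers in that state are looked at first);
  * drivers whose file carries no company name (an empty "()" field);
  * drivers whose file changed shortly before the scan.
The priorities and the 30-day window are assumptions, not OTL behaviour.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Present file: "KIND - [mtime | size | attrs | M] (Company) [Start] -- path -- (Name) desc"
_PRESENT = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]*?) \| [A-Z]\] \((?P<company>[^()]*)\) "
    r"\[(?P<start>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^()]*)\)(?:\s+(?P<desc>.*))?$"
)
# Missing file: "KIND - File not found [Start] -- -- (Name) desc"
_MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]*)\] -- -- "
    r"\((?P<name>[^()]*)\)(?:\s+(?P<desc>.*))?$"
)
# Header line; its date layout follows the log's own "Date Format" line (M/d/yyyy here).
_CREATED = re.compile(r"OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d\d:\d\d [AP]M)")


@dataclass
class Entry:
    kind: str                  # "SRV" (Win32 service) or "DRV" (driver)
    name: str                  # registry service name, e.g. "NetBT"
    start: str                 # OTL start field, e.g. "Kernel | Boot" or "Auto"
    path: Optional[str]        # None when OTL reported "File not found"
    company: str               # version-info company string, "" when absent
    mtime: Optional[datetime]  # file modification time, None when missing


def scan_time_from_header(text: str) -> datetime:
    """Return the log creation time from the 'OTL logfile created on' header."""
    m = _CREATED.search(text)
    if not m:
        raise ValueError("no 'OTL logfile created on' header found")
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")


def parse_otl(text: str) -> List[Entry]:
    """Return one Entry per SRV/DRV line; all other log lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _PRESENT.match(line)
        if m:
            mtime = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S")
            entries.append(Entry(m["kind"], m["name"], m["start"], m["path"],
                                 m["company"].strip(), mtime))
            continue
        m = _MISSING.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["start"], None, "", None))
    return entries


def early_start(e: Entry) -> bool:
    """Boot- and System-start drivers load before most security software does."""
    return "Boot" in e.start or "System" in e.start


def triage(entries: List[Entry], scan_time: datetime,
           recent_days: int = 30) -> List[Tuple[int, str, Entry]]:
    """Return (priority, reason, entry) tuples, highest priority first."""
    findings: List[Tuple[int, str, Entry]] = []
    for e in entries:
        if e.path is None:
            findings.append((3 if early_start(e) else 1,
                             "file not found (orphaned registry entry)", e))
            continue
        if e.kind != "DRV":
            continue  # the two file-based checks below are driver heuristics
        if e.company == "":
            findings.append((2 if early_start(e) else 1,
                             "no company name in version info", e))
        if e.mtime is not None and scan_time - e.mtime <= timedelta(days=recent_days):
            findings.append((2 if early_start(e) else 1,
                             f"driver file modified within {recent_days} days of the scan", e))
    findings.sort(key=lambda f: (-f[0], f[2].kind, f[2].name.lower()))
    return findings


# Sample lines copied from the OTL log posted in this thread (header plus a few entries).
SAMPLE_LOG = "\n".join([
    r"OTL logfile created on: 12/17/2011 2:46:36 PM - Run",
    r"SRV - File not found [Auto] -- -- (MBAMService)",
    r"SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)",
    r"DRV - File not found [Kernel | Boot] -- -- (iycct)",
    r"DRV - File not found [Kernel | On_Demand] -- -- (WDICA)",
    r"DRV - [2011/12/12 17:55:45 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SMR210.SYS -- (SMR210)",
    r"DRV - [2010/10/29 16:42:01 | 000,245,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)",
    r"DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)",
    r"DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)",
])

if __name__ == "__main__":
    found = triage(parse_otl(SAMPLE_LOG), scan_time_from_header(SAMPLE_LOG))
    for pri, reason, e in found:
        print(f"P{pri} {e.kind} {e.name:<12} [{e.start}] {reason}: {e.path or '-'}")
```

A flagged entry is a place to look, not a verdict: a vendor's freshly updated driver trips the "recently modified" check just as a dropped one would, so each hit still needs the file itself examined.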

Re: Tidserv Activity 2

Post by rich_hilton on Sun 18 Dec 2011, 7:47 am

Hello Dave
Thanks for the added instructions which I will follow "just to be sure to be sure" as the Irish say.
However, running DrWeb_LiveCD seems to have had a good effect. I have not seen a blue screen of death since doing that nor have I seen a Norton box yabbering about Tidserv - wheee!!! I guess my main concern now is how do I tell whether I have really got rid of Tidserv since nothing I ever used actually found it under that name. ????
Malwarebytes is still preventing dial-home activity to at least three potentially malicious sites - any suggestion as to what to do about that?
Best regards
Clive


Re: Tidserv Activity 2

Post by Superdave on Sun 18 Dec 2011, 10:54 am

MBAM is still preventing dial-home activity to at least three potentially malicious sites - any suggestion as to what to do about that?
That's good. It's doing its job. Please run the SAS, MBAM and DDS scans and post the logs here.


Re: Tidserv Activity 2

Post by rich_hilton on Sun 18 Dec 2011, 11:06 am

Hi Dave - Here's the result of running OTLPE
I hope you can make sense of it - it's gobbledeygook to me.
The system continues to run OK with no blue screens or Tidserv warnings - only the Malwarebytes warnings about dial-outs
================================================
OTL logfile created on: 12/17/2011 2:46:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 771.00 Mb Available Physical Memory | 75.00% Memory free
907.00 Mb Paging File | 845.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 322.27 Gb Total Space | 44.68 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 14.16 Gb Total Space | 1.52 Gb Free Space | 10.73% Space Free | Partition Type: FAT32
Drive E: | 698.64 Gb Total Space | 80.63 Gb Free Space | 11.54% Space Free | Partition Type: NTFS
Drive F: | 143.49 Gb Total Space | 11.61 Gb Free Space | 8.09% Space Free | Partition Type: NTFS
Drive G: | 97.62 Gb Total Space | 0.88 Gb Free Space | 0.90% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Secunia Update Agent)
SRV - File not found [Auto] -- -- (Secunia PSI Agent)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (MySQL)
SRV - File not found [Auto] -- -- (MBAMService)
SRV - File not found [On_Demand] -- -- (CoordinatorServiceHost)
SRV - File not found [Auto] -- -- (btwdins)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (Apache2.2)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/07 21:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 19:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/08 15:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/01 22:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010/08/23 23:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/13 01:40:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 19:28:11 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/12/16 18:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/26 01:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/07 16:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/02/08 20:38:52 | 000,056,344 | ---- | M] (Memeo) [Disabled] -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService)
SRV - [2005/09/23 09:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (iycct)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/12/15 07:31:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111216.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/15 07:31:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/15 07:31:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111216.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/12 17:55:45 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SMR210.SYS -- (SMR210)
DRV - [2011/12/08 17:01:21 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/07 18:43:12 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111216.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/24 02:08:44 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 12:29:26 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/26 19:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\symefa.sys -- (SymEFA)
DRV - [2011/08/31 20:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 18:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 21:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 21:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 21:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\symds.sys -- (SymDS)
DRV - [2011/07/25 21:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/10/29 16:42:01 | 000,245,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2010/10/27 20:58:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/12 11:44:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/09 23:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/20 09:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/07 16:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 16:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/22 11:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009/03/13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2008/08/26 12:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2007/07/23 16:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2004/10/07 13:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/09 23:23:48 | 000,032,640 | R--- | M] (Cypress Semiconductor) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/07/01 14:29:10 | 000,022,183 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2003/07/01 14:28:46 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/07/01 14:25:56 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/03/13 16:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/06 16:48:08 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2002/09/19 21:19:56 | 000,205,056 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Clive_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Clive_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\Clive_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Clive_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Clive\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Clive\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/11 17:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/12/17 16:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/01/28 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 11:31:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/10/29 21:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/10/29 21:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/12 12:04:12 | 000,000,000 | ---D | M]

[2010/10/01 18:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Extensions
[2010/10/01 18:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009/09/21 18:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/12/17 13:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions
[2010/10/03 12:50:58 | 000,000,000 | ---D | M] (Link Evaluator) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{2d4271b9-cc9f-4f37-8b1e-340293eacd5c}
[2011/12/17 13:38:32 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/11/09 19:28:10 | 000,000,000 | ---D | M] ("OutWit Kernel") -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2011/12/07 12:51:25 | 000,000,000 | ---D | M] (ViralinBox) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{8e319c1c-b993-4bf3-9aab-b4455476652e}
[2011/04/03 09:27:12 | 000,000,000 | ---D | M] (Web Enhancements) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
[2011/10/03 17:01:41 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/01/06 17:54:46 | 000,000,000 | ---D | M] ("PPC Web Spy Toolbar") -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2011/11/09 19:27:55 | 000,000,000 | ---D | M] ("Outwit Docs") -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\outwit-docs@outwit.com
[2010/10/25 20:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions
[2010/10/15 11:49:15 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/10/15 11:49:16 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/10/15 11:49:15 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions\inspector@mozilla.org
[2011/11/28 00:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/04 13:08:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/05 02:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/04 22:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/04 22:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/04 22:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\Clive_ON_C..\Run: [OpAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB Sharing.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Clive_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Clive_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Clive_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Clive_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} [You must be registered and logged in to see this link.] (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} [You must be registered and logged in to see this link.] (InstaFred Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} [You must be registered and logged in to see this link.] (AcPreview Control)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 00:23:50 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/11 18:27:00 | 000,000,132 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0337e984-6d66-11de-ba87-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0337e984-6d66-11de-ba87-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0337e984-6d66-11de-ba87-806d6172696f}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe
O33 - MountPoints2\{fe4db67b-40ea-11df-acce-00e018f9eab8}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4db67b-40ea-11df-acce-00e018f9eab8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe4db67b-40ea-11df-acce-00e018f9eab8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



Re: Tidserv Activity 2

Post by rich_hilton on Sun 18 Dec 2011, 11:07 am

AND here is the rest of the OTL.txt file
===========================================
========== Files/Folders - Created Within 90 Days ==========

[2011/12/15 01:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\SUPERAntiSpyware.com
[2011/12/15 00:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/15 00:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/15 00:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/14 15:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/14 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/14 13:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\HiJackThis
[2011/12/13 12:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\Backup Details
[2011/12/13 08:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\AAALLL TRANSFERS I to Z
[2011/12/12 19:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\FixZeroAccess
[2011/12/12 19:19:18 | 001,776,248 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Clive\Desktop\FixZeroAccess.exe
[2011/12/12 18:10:22 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2011/12/12 17:55:45 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR210.SYS
[2011/12/12 17:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Local Settings\Application Data\NPE
[2011/12/12 02:42:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2011/12/11 18:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/11 17:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/11 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/08 15:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\Norton
[2011/12/08 15:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/07 12:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Appnimi
[2011/12/07 12:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Appnimi
[2011/11/20 20:23:00 | 000,000,000 | ---D | C] -- C:\SW2010_SP0.0
[2011/11/18 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 01:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\Auslogics
[2011/11/14 01:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/11/14 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/11/13 14:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskTrix
[2011/11/13 14:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\DiskTrix
[2011/11/06 13:57:15 | 000,000,000 | ---D | C] -- C:\Sony
[2011/10/29 21:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/29 21:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/24 16:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 16:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/13 18:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Local Settings\Application Data\MPlayer
[2011/10/13 18:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\.umplayer
[2011/10/13 18:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\UMPlayer
[2011/10/13 11:27:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/12 12:02:34 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/10/12 12:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/10/07 13:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/05 19:45:00 | 000,000,000 | ---D | C] -- C:\AAALLL NEW MUSIC FOR OUR CD PARTY 9 SEPT 2011
[2011/10/05 19:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2011/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2011/10/05 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\CNET TechTracker
[2011/10/05 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\CBS Interactive
[2011/10/03 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/10/02 16:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\MySQL
[2011/10/01 12:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\XAMPP for Windows
[2011/09/30 16:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
[2011/09/30 00:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MySQL
[2011/09/30 00:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/09/30 00:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\My Web Sites
[2011/09/30 00:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\IISExpress
[2011/09/30 00:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft WebMatrix
[2011/09/30 00:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WebMatrix
[2011/09/30 00:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2011/09/30 00:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\MySQL
[2011/09/30 00:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/09/30 00:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2011/09/30 00:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/09/29 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IIS 7.0 Extensions
[2011/09/29 20:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2011/09/29 19:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2011/09/29 18:06:49 | 000,028,256 | ---- | C] (Applian Technologies Inc.) -- C:\WINDOWS\System32\drivers\appliand.sys
[2011/09/29 18:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2011/09/29 18:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\Replay Media Catcher 4
[2011/09/27 13:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\phpDesigner
[2011/09/27 13:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\phpDesigner 7
[2011/09/27 13:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\phpDesigner
[2011/09/27 13:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\phpDesigner 7
[2011/09/27 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2011/09/27 11:36:32 | 000,025,392 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2011/09/27 11:36:28 | 000,026,672 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2011/09/27 11:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2011/09/27 11:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/09/27 11:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of Working Network Magic
[2011/09/26 22:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\Marinviews from live site 26SEP2011 839PM
[2011/09/21 12:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Local Settings\Application Data\PandaBatchFileRenamer
[2011/09/21 12:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\Animal Software
[2011/09/21 12:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Batch File Renamer
[2011/09/20 18:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\SynchroMaster
[2011/09/20 18:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SynchroMaster
[2011/09/20 18:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\SynchroMaster
[2011/09/20 13:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\CuteFTP Clives Websites Data
[2011/09/20 12:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\Drive Image 16 Sept 2010
[2009/07/13 23:04:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Clive\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/12/17 17:38:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/17 17:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1004UA.job
[2011/12/17 17:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1004Core.job
[2011/12/17 16:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 14:05:17 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/17 14:04:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 14:04:23 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/17 14:04:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1390067357-839522115-1004.job
[2011/12/17 14:04:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/17 14:03:52 | 1073,319,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 13:32:01 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/17 13:32:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/12/16 02:30:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 19:11:44 | 002,396,768 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/15 13:41:23 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/12/15 07:07:15 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to SUPERAntiSpyware.exe.lnk
[2011/12/15 00:58:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/15 00:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/14 18:12:57 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/14 18:07:37 | 001,682,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:51:59 | 000,734,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/14 15:36:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\MBR.dat
[2011/12/14 13:36:30 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\HiJackThis.lnk
[2011/12/14 12:12:58 | 000,006,192 | ---- | M] () -- C:\{5FCC6C63-7A79-4217-9008-9874AA1F7CA2}
[2011/12/14 12:07:58 | 000,004,872 | ---- | M] () -- C:\{EBD9651B-6261-4D6B-9B46-903819BE7DF7}
[2011/12/14 11:51:26 | 000,004,872 | ---- | M] () -- C:\{1AD75ED9-E848-4120-8F59-7B872D040CBB}
[2011/12/14 06:30:04 | 000,004,872 | ---- | M] () -- C:\{C70EDF80-9BD5-45CE-A392-821B1FEFD2B0}
[2011/12/14 01:34:20 | 000,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/12/13 20:40:47 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 20:30:37 | 000,000,191 | ---- | M] () -- C:\WINDOWS\phpdesigner.ini
[2011/12/13 20:21:23 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-28FEL.exe
[2011/12/13 20:21:23 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-28FEL.msg
[2011/12/13 20:21:23 | 000,000,393 | ---- | M] () -- C:\WINDOWS\is-28FEL.lst
[2011/12/13 18:06:04 | 000,004,872 | ---- | M] () -- C:\{AC77E8C2-4F3C-4944-A066-79EBF368EC28}
[2011/12/13 17:49:55 | 000,004,872 | ---- | M] () -- C:\{E970B01C-3D88-419E-BA0D-AF8A66471B0F}
[2011/12/13 17:34:30 | 000,004,872 | ---- | M] () -- C:\{C3667A11-2EC5-4B59-AF72-B820B31DC20B}
[2011/12/13 17:17:33 | 000,004,872 | ---- | M] () -- C:\{610A3504-5FF3-4C1E-B991-0E6CF05203FE}
[2011/12/13 17:01:11 | 000,004,856 | ---- | M] () -- C:\{CF339214-7860-4944-931A-0D539A7A798A}
[2011/12/13 16:45:41 | 000,004,872 | ---- | M] () -- C:\{633A5982-6479-46E2-9B92-B78FAAB70DD6}
[2011/12/13 16:29:21 | 000,004,872 | ---- | M] () -- C:\{740D24BC-5B92-4550-89C1-3A0AB5D9C4F5}
[2011/12/13 16:20:20 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 15:39:57 | 000,006,192 | ---- | M] () -- C:\{82D273DB-6DF2-4844-AE9B-07D26F51C014}
[2011/12/13 15:09:30 | 000,004,856 | ---- | M] () -- C:\{57A4138A-6D2C-45B9-B394-3943287836B5}
[2011/12/13 11:57:44 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2011/12/13 09:16:52 | 000,004,872 | ---- | M] () -- C:\{41E8C7AA-05C2-4117-9A04-0F5B2B040DE0}
[2011/12/12 21:57:06 | 001,776,248 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Clive\Desktop\FixZeroAccess.exe
[2011/12/12 20:11:33 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/12 18:10:29 | 000,384,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\SMR210.dat
[2011/12/12 18:10:22 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2011/12/12 17:55:45 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR210.SYS
[2011/12/12 13:00:55 | 000,032,280 | ---- | M] () -- C:\{C91F9F0C-FCAF-45F5-9EE9-C1307A804E99}
[2011/12/11 18:06:27 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/11 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/10 20:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/09 11:59:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1390067357-839522115-1004.job
[2011/12/08 22:35:53 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/08 21:52:29 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Norton Installation Files.lnk
[2011/12/08 17:01:21 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/08 17:01:21 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/08 17:01:21 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/08 17:01:21 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/07 12:43:05 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Appnimi RAR Password Unlocker.lnk
[2011/12/07 12:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Appnimi
[2011/12/05 13:05:25 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/29 14:10:49 | 000,001,041 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2011/11/28 00:49:04 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/28 00:49:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/26 14:44:14 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Analytics Settings - Google Analytics.URL
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/11/22 13:31:51 | 000,000,492 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/19 18:41:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/18 19:22:50 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 19:22:48 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Google Chrome.lnk
[2011/11/18 14:04:09 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/18 14:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 01:09:15 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\AusLogics Disk Defrag.lnk
[2011/11/14 01:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/11/13 14:29:05 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to UDefrag.exe.lnk
[2011/11/13 14:27:16 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UltimateDefrag.LNK
[2011/11/13 14:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskTrix
[2011/11/12 16:39:47 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/09 15:36:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 14:23:00 | 000,503,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 14:23:00 | 000,088,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 14:20:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\U12A_20e.INI
[2011/11/04 14:20:51 | 005,978,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/11/04 14:20:51 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/11/04 14:20:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011/11/04 14:20:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/11/04 14:20:51 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/11/04 14:20:51 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/11/04 14:20:51 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/11/04 14:20:51 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/11/04 14:20:51 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/11/04 14:20:51 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/11/04 14:20:51 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/11/04 14:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2011/11/04 14:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011/11/04 14:20:51 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/11/04 14:20:51 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011/11/04 14:20:51 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/11/04 14:20:51 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2011/11/04 14:20:51 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/11/04 14:20:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011/11/04 14:20:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/11/04 14:20:50 | 011,081,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/11/04 14:20:50 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/11/04 14:20:50 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011/11/04 14:20:50 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/11/04 14:20:50 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/11/04 14:20:50 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/11/04 13:58:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/11/04 06:23:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/11/04 02:16:12 | 000,655,360 | ---- | M] () -- C:\ffastunT.ffl
[2011/11/03 19:43:43 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/11/02 19:08:42 | 000,007,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/11/01 11:07:10 | 001,288,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011/10/29 21:22:16 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/29 21:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/29 18:51:21 | 000,028,203 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\2011-10-29_1650.png
[2011/10/28 00:31:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2011/10/28 00:31:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2011/10/25 08:37:08 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/10/25 07:52:03 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2011/10/25 07:52:03 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/10/25 07:52:02 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/10/24 16:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 16:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/24 15:52:50 | 000,000,737 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/24 15:51:47 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/10/24 15:51:46 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2011/10/24 15:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/10/21 23:01:59 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\SSA Benefit Calculator.lnk
[2011/10/19 17:31:53 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Clive\.recently-used.xbel
[2011/10/19 17:04:16 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2011/10/19 08:30:06 | 000,002,784 | ---- | M] () -- C:\{EBC6B4FC-BEC0-48DF-BC04-172C317A3031}
[2011/10/19 02:25:32 | 000,002,224 | ---- | M] () -- C:\{BE150900-2110-4F68-A871-1006A5C535FD}
[2011/10/18 12:26:20 | 000,121,096 | ---- | M] () -- C:\WINDOWS\System32\MSForms.TWD
[2011/10/18 06:13:22 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/16 14:06:44 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 5.mpp
[2011/10/16 13:14:26 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 4.mpp
[2011/10/16 00:30:06 | 000,372,736 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 3.mpp
[2011/10/15 23:47:34 | 000,387,584 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 2.mpp
[2011/10/15 18:01:32 | 000,188,416 | -H-- | M] () -- C:\ffastun.ffo
[2011/10/15 18:01:32 | 000,004,718 | -H-- | M] () -- C:\ffastun.ffa
[2011/10/15 18:01:31 | 014,987,264 | -H-- | M] () -- C:\ffastun0.ffx
[2011/10/15 18:01:31 | 000,376,832 | -H-- | M] () -- C:\ffastun.ffl
[2011/10/15 14:58:02 | 000,035,262 | ---- | M] () -- C:\WINDOWS\Clive.acl
[2011/10/15 14:50:49 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to WINPROJ.EXE.lnk
[2011/10/15 14:41:50 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/15 14:41:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\MSMAIL32.INI
[2011/10/15 14:41:49 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk
[2011/10/13 18:08:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UMPlayer.lnk
[2011/10/13 16:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/12 12:29:41 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/10/12 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2011/10/12 11:05:20 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Notepad++.lnk
[2011/10/10 09:22:41 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/10/07 13:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/05 19:37:44 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\IsoBuster.lnk
[2011/10/05 19:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2011/10/05 19:36:49 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\CNET TechTracker.lnk
[2011/10/03 12:02:31 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/03 12:02:31 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/03 12:02:31 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/10/02 16:31:47 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to MySQLWorkbench.exe.lnk
[2011/10/02 16:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\MySQL
[2011/10/01 15:57:29 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2011/10/01 12:35:50 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\XAMPP Control Panel.lnk
[2011/09/30 17:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon
[2011/09/30 16:37:22 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2011/09/30 16:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
[2011/09/30 11:39:48 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\CLIVE2011.TAX
[2011/09/30 11:38:22 | 000,078,840 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\CLIVE2011.BAK
[2011/09/30 10:30:16 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\e-tax 2011.lnk
[2011/09/30 01:25:00 | 000,420,466 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1390067357-839522115-1004-0.dat
[2011/09/30 01:24:59 | 000,420,466 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/30 00:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft WebMatrix
[2011/09/29 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IIS 7.0 Extensions
[2011/09/29 19:49:40 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2011/09/29 19:05:41 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to EasyPHP-5.3.2.lnk
[2011/09/29 18:06:48 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2011/09/29 18:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2011/09/28 02:06:50 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/28 00:43:30 | 000,027,830 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\phpdesigner.xml
[2011/09/27 13:49:00 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\phpDesigner 7.lnk
[2011/09/27 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\phpDesigner 7
[2011/09/27 11:40:33 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2011/09/27 11:40:31 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Network Magic.lnk
[2011/09/27 11:37:04 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2011/09/26 19:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/09/26 19:37:31 | 000,003,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/09/26 19:14:42 | 000,002,801 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symvtcer.dat
[2011/09/26 13:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 13:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 13:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 13:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/25 11:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/09/25 00:49:51 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to phpDesignerPrg.exe.lnk
[2011/09/25 00:49:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/24 21:55:41 | 000,006,224 | ---- | M] () -- C:\{018132AA-A563-43FB-83C2-6A4252D95F58}
[2011/09/24 21:51:02 | 000,006,120 | ---- | M] () -- C:\{91CA3ECA-C5A7-4DCE-9D0B-1EB8576FADB5}
[2011/09/23 11:22:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PhotoNow.INI
[2011/09/21 17:22:00 | 000,003,708 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\wp-config.php
[2011/09/21 12:15:18 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Panda Batch File Renamer.lnk
[2011/09/20 23:22:29 | 000,003,394 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\SAS7_000.DAT
[2011/09/20 23:17:12 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011/09/20 18:57:37 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\SynchroMaster.lnk
[2011/09/20 18:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SynchroMaster
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 13:32:01 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/16 02:14:11 | 1073,319,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/15 16:13:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 07:07:12 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to SUPERAntiSpyware.exe.lnk
[2011/12/15 00:58:00 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/14 15:36:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\MBR.dat
[2011/12/14 13:36:30 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\HiJackThis.lnk
[2011/12/14 12:12:58 | 000,006,192 | ---- | C] () -- C:\{5FCC6C63-7A79-4217-9008-9874AA1F7CA2}
[2011/12/14 12:07:58 | 000,004,872 | ---- | C] () -- C:\{EBD9651B-6261-4D6B-9B46-903819BE7DF7}
[2011/12/14 11:51:26 | 000,004,872 | ---- | C] () -- C:\{1AD75ED9-E848-4120-8F59-7B872D040CBB}
[2011/12/14 06:30:04 | 000,004,872 | ---- | C] () -- C:\{C70EDF80-9BD5-45CE-A392-821B1FEFD2B0}
[2011/12/13 20:21:23 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-28FEL.exe
[2011/12/13 20:21:23 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-28FEL.msg
[2011/12/13 20:21:23 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 20:21:23 | 000,000,393 | ---- | C] () -- C:\WINDOWS\is-28FEL.lst
[2011/12/13 18:06:04 | 000,004,872 | ---- | C] () -- C:\{AC77E8C2-4F3C-4944-A066-79EBF368EC28}
[2011/12/13 17:49:55 | 000,004,872 | ---- | C] () -- C:\{E970B01C-3D88-419E-BA0D-AF8A66471B0F}
[2011/12/13 17:34:30 | 000,004,872 | ---- | C] () -- C:\{C3667A11-2EC5-4B59-AF72-B820B31DC20B}
[2011/12/13 17:17:33 | 000,004,872 | ---- | C] () -- C:\{610A3504-5FF3-4C1E-B991-0E6CF05203FE}
[2011/12/13 17:01:11 | 000,004,856 | ---- | C] () -- C:\{CF339214-7860-4944-931A-0D539A7A798A}
[2011/12/13 16:45:41 | 000,004,872 | ---- | C] () -- C:\{633A5982-6479-46E2-9B92-B78FAAB70DD6}
[2011/12/13 16:29:21 | 000,004,872 | ---- | C] () -- C:\{740D24BC-5B92-4550-89C1-3A0AB5D9C4F5}
[2011/12/13 15:39:57 | 000,006,192 | ---- | C] () -- C:\{82D273DB-6DF2-4844-AE9B-07D26F51C014}
[2011/12/13 15:09:29 | 000,004,856 | ---- | C] () -- C:\{57A4138A-6D2C-45B9-B394-3943287836B5}
[2011/12/13 09:16:51 | 000,004,872 | ---- | C] () -- C:\{41E8C7AA-05C2-4117-9A04-0F5B2B040DE0}
[2011/12/12 21:24:36 | 000,162,816 | ---- | C] () -- C:\netbt.sys
[2011/12/12 19:22:47 | 002,396,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/12 17:55:46 | 000,384,414 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR210.dat
[2011/12/12 13:00:55 | 000,032,280 | ---- | C] () -- C:\{C91F9F0C-FCAF-45F5-9EE9-C1307A804E99}
[2011/12/08 15:20:59 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Norton Installation Files.lnk
[2011/12/07 12:43:05 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Appnimi RAR Password Unlocker.lnk
[2011/11/26 14:44:14 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Analytics Settings - Google Analytics.URL
[2011/11/18 14:04:08 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/14 01:09:15 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\AusLogics Disk Defrag.lnk
[2011/11/13 14:29:05 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to UDefrag.exe.lnk
[2011/11/13 14:27:16 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UltimateDefrag.LNK
[2011/11/12 16:39:47 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/06 14:20:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\U12A_20e.INI
[2011/11/06 13:57:15 | 000,151,552 | ---- | C] () -- C:\WINDOWS\CheckModels.exe
[2011/11/03 18:55:03 | 000,655,360 | ---- | C] () -- C:\ffastunT.ffl
[2011/10/29 21:22:14 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/29 18:51:21 | 000,028,203 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\2011-10-29_1650.png
[2011/10/24 15:51:47 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/10/24 15:51:46 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2011/10/21 23:01:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\SSA Benefit Calculator.lnk
[2011/10/19 17:31:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Clive\.recently-used.xbel
[2011/10/19 08:30:06 | 000,002,784 | ---- | C] () -- C:\{EBC6B4FC-BEC0-48DF-BC04-172C317A3031}
[2011/10/19 02:25:31 | 000,002,224 | ---- | C] () -- C:\{BE150900-2110-4F68-A871-1006A5C535FD}
[2011/10/18 12:26:20 | 000,121,096 | ---- | C] () -- C:\WINDOWS\System32\MSForms.TWD
[2011/10/16 13:28:25 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 5.mpp
[2011/10/16 13:14:24 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 4.mpp
[2011/10/15 23:47:51 | 000,372,736 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 3.mpp
[2011/10/15 20:56:07 | 000,387,584 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 2.mpp
[2011/10/15 18:01:32 | 000,004,718 | -H-- | C] () -- C:\ffastun.ffa
[2011/10/15 18:01:31 | 000,188,416 | -H-- | C] () -- C:\ffastun.ffo
[2011/10/15 18:01:27 | 014,987,264 | -H-- | C] () -- C:\ffastun0.ffx
[2011/10/15 17:52:21 | 000,376,832 | -H-- | C] () -- C:\ffastun.ffl
[2011/10/15 14:58:02 | 000,035,262 | ---- | C] () -- C:\WINDOWS\Clive.acl
[2011/10/15 14:50:49 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to WINPROJ.EXE.lnk
[2011/10/15 14:41:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2011/10/15 14:41:49 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk
[2011/10/13 18:08:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UMPlayer.lnk
[2011/10/12 12:29:36 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/10/07 13:54:00 | 000,002,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/05 19:37:43 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\IsoBuster.lnk
[2011/10/05 19:36:48 | 000,001,185 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\CNET TechTracker.lnk
[2011/10/03 12:02:31 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/03 12:02:31 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/10/03 12:02:30 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/03 12:02:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/10/02 16:31:47 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to MySQLWorkbench.exe.lnk
[2011/10/01 12:35:05 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\XAMPP Control Panel.lnk
[2011/09/30 01:24:59 | 000,420,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/30 01:24:59 | 000,420,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1390067357-839522115-1004-0.dat
[2011/09/29 19:49:40 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2011/09/29 19:05:41 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to EasyPHP-5.3.2.lnk
[2011/09/29 18:06:48 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2011/09/28 00:43:30 | 000,027,830 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\phpdesigner.xml
[2011/09/27 13:49:00 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\phpDesigner 7.lnk
[2011/09/27 11:40:31 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Network Magic.lnk
[2011/09/27 11:40:31 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2011/09/25 00:49:51 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to phpDesignerPrg.exe.lnk
[2011/09/24 21:55:41 | 000,006,224 | ---- | C] () -- C:\{018132AA-A563-43FB-83C2-6A4252D95F58}
[2011/09/24 21:51:02 | 000,006,120 | ---- | C] () -- C:\{91CA3ECA-C5A7-4DCE-9D0B-1EB8576FADB5}
[2011/09/23 11:22:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/09/21 17:22:00 | 000,003,708 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\wp-config.php
[2011/09/21 12:15:18 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Panda Batch File Renamer.lnk
[2011/09/20 18:57:36 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\SynchroMaster.lnk
[2011/09/08 14:51:35 | 000,152,382 | ---- | C] () -- C:\WINDOWS\AudioLabel Uninstaller.exe
[2011/04/03 09:29:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/03 09:29:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/29 16:42:01 | 000,245,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2010/10/27 21:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AceCrypt.dll
[2010/10/27 20:58:41 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/10/27 20:57:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hsduinst.exe
[2010/10/27 20:57:09 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/10/27 18:26:06 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/10 21:51:41 | 000,000,229 | ---- | C] () -- C:\WINDOWS\OPENFX_.INI
[2010/10/03 00:37:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/08/10 19:28:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/04/18 06:12:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/09 21:26:42 | 000,000,015 | ---- | C] () -- C:\WINDOWS\cfwin.ini
[2010/03/09 21:26:38 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cfwinlib.ini
[2010/02/19 13:49:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\Schedule8.dat
[2010/02/09 16:54:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2010/01/26 14:24:34 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Clive\GoToAssistDownloadHelper.exe
[2010/01/08 18:40:19 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/12/22 14:42:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/27 18:48:24 | 000,640,512 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
[2009/11/27 18:48:24 | 000,640,512 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2009/11/27 17:35:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/26 22:50:40 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2009/11/25 18:41:02 | 000,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/25 18:41:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/25 18:41:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/25 18:41:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/25 18:41:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/14 17:17:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\fusioncache.dat
[2009/11/11 17:51:25 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/11/11 17:51:25 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C9EAF77DC1.sys
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/13 19:00:30 | 000,086,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/12 10:57:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo9840cd.ini
[2009/08/28 00:37:09 | 000,003,394 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\SAS7_000.DAT
[2009/08/01 20:28:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/07/29 23:58:18 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/07/29 23:58:16 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/07/28 15:50:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\XDirTree.dll
[2009/07/28 15:50:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\XFileLst.dll
[2009/07/28 15:29:18 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\efea2_g.dll
[2009/07/27 18:42:21 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Clive\g2mdlhlpx.exe
[2009/07/27 13:40:47 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/22 17:41:54 | 000,000,191 | ---- | C] () -- C:\WINDOWS\phpdesigner.ini
[2009/07/22 13:13:30 | 000,000,395 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/07/21 18:55:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/21 13:37:04 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:11:13 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/17 13:44:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd9840cd.dat
[2009/07/16 20:51:05 | 000,000,492 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/16 20:51:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/16 20:48:08 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/07/16 19:41:28 | 000,001,041 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/07/15 13:07:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2009/07/13 23:04:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\pcouffin.cat
[2009/07/13 23:04:52 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\pcouffin.inf
[2009/07/13 18:46:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2009/07/13 18:46:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CNCFMS60.EXE
[2009/07/12 12:55:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/11 15:27:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/07/10 17:48:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/10 17:44:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/10 10:33:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/10 10:32:54 | 001,682,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/21 22:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/10/22 14:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 14:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 14:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 14:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 14:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 14:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 14:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 14:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 14:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 14:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 14:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/04 22:24:28 | 000,010,747 | ---- | C] () -- C:\WINDOWS\System32\UDBDef.exe
[2005/11/24 14:49:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/07/01 14:44:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/07/01 14:43:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/07/01 14:38:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/07/01 14:29:10 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,503,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2002/08/29 07:00:00 | 000,088,628 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/06/12 03:37:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe
[2000/03/30 00:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 20:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 17:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 23:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/04/07 02:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1998/01/28 02:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1996/11/17 02:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/03/15 00:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Amazon
[2011/09/21 12:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Animal Software
[2009/09/03 02:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Ashampoo
[2011/11/14 01:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Auslogics
[2011/02/11 04:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Auto Click Profits
[2010/06/29 01:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Autodesk
[2011/04/01 07:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Backslash
[2011/09/30 17:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Canon
[2011/10/05 19:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\CBS Interactive
[2011/09/17 19:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\CopyToDvd
[2010/08/13 00:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DAEMON Tools Lite
[2010/08/10 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DassaultSystemes
[2011/11/17 00:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Domain Name Analyzer v4.1
[2009/11/26 22:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DonationCoder
[2010/10/11 12:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DWGeditor
[2009/11/19 02:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\EBookSys
[2010/08/10 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\EDrawings
[2011/12/12 19:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\FixZeroAccess
[2009/07/22 11:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\GlarySoft
[2009/07/14 01:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\GlobalSCAPE
[2011/12/07 13:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\gtk-2.0
[2009/07/22 17:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\JAM Software
[2011/02/04 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Keyword Advantage
[2010/08/30 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Luxology
[2011/03/06 20:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/10/02 16:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\MySQL
[2011/01/28 14:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Nokia
[2011/10/12 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Notepad++
[2009/08/11 18:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Nuance
[2009/11/02 16:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Nvu
[2009/08/02 12:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Opera
[2011/08/21 13:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\OutWit
[2011/09/15 00:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\PandoraRecovery
[2010/04/14 12:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Participatory Culture Foundation
[2010/06/25 16:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\PC Suite
[2011/12/07 15:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\PCF-VLC
[2009/08/01 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\pdf995
[2011/10/10 13:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\phpDesigner
[2011/09/29 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Replay Media Catcher 4
[2009/07/22 13:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\ScanSoft
[2009/10/11 03:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Softnik Technologies
[2011/09/20 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\SynchroMaster
[2011/08/08 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\TeamViewer
[2010/11/20 16:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Tific
[2011/07/10 01:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Usenet.nl
[2011/12/07 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\UseNeXT
[2010/05/24 12:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Vso
[2011/03/02 19:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\WordWeb
[2010/03/12 16:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\YouSendIt
[2009/07/22 13:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Zeon
[2011/08/11 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2011/03/18 17:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2009/09/03 02:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/07/05 19:08:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/13 11:27:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/05 20:46:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/12 11:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/10 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/11/26 20:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2011/01/28 15:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/09/30 00:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/06/25 01:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/07/18 18:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/08/11 18:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/11/12 15:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010/06/25 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/02 17:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/09/27 13:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\phpDesigner
[2009/09/02 23:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/09/17 18:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/01/25 23:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2009/08/11 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/13 10:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/11/11 17:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/14 17:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2011/09/20 23:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 00:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/06 13:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/17 14:04:23 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 409 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36085B5
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FB286BF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12F3A419
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5B56640
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B18E8E9
< End of report >


Re: Tidserv Activity 2

Post by rich_hilton on Sun 18 Dec 2011, 11:11 am

AND I will do the following when I can

Please run the SAS, MBAM and DDS scans and post the logs here.

Cheers
CB


Re: Tidserv Activity 2

Post by Superdave on Sun 18 Dec 2011, 11:40 am

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - File not found
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\Clive_ON_C..\Run: [OpAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB Sharing.lnk = File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found

:folders

C:\Program Files\Search Toolbar

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Tidserv Activity 2

Post by rich_hilton on Sun 18 Dec 2011, 5:55 pm

I ran the Fix and it said "process completed" but no log file or whatever opened up, and the only relevant text file I could find was the one below, which was in a C:\OTL\MovedFiles folder and was called 12172011_214116.log


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\Clive_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\OpAgent deleted successfully.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB Sharing.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB858B22-55E2-413f-87F5-30ADC5552151}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB858B22-55E2-413f-87F5-30ADC5552151}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
File {91774881-D725-4E58-B298-07617B9B86A8} - File not found not found.
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 12172011_214116

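The fix log above shows OTL rejecting the `:folders` header (`Error: Unable to interpret <:folders> in the current context!`), so the line under it was never acted on. Below is an added pre-flight checker, not OTL's own code and not something posted in the thread, that splits a fix script into its sections and flags headers and commands OTL would not interpret; the sets of known section and command names are assumptions drawn from OTL's fix syntax, and the sample script is a shortened copy of the fix posted above.

```python
"""Pre-flight check for an OTL custom fix script.

Added example, not OTL's own code. It splits a fix into its ':Section'
blocks and flags headers and commands OTL would not interpret, the failure
reported in the thread's log ("Unable to interpret <:folders>"). The lists
of known sections and commands are assumptions taken from OTL's fix syntax;
adjust them for your build.
"""
import re
from typing import List, Tuple

KNOWN_SECTIONS = {"otl", "processes", "services", "reg", "files", "commands"}
KNOWN_COMMANDS = {"purity", "emptytemp", "resethosts", "reboot", "start explorer"}
HEADER_RE = re.compile(r"^:(\S+)$")
COMMAND_RE = re.compile(r"^\[(.+)\]$")
ABS_PATH_RE = re.compile(r"^([A-Za-z]:\\|%\w+%)")

# Constructed sample: the thread's fix, shortened; ':folders' is the bad header.
THREAD_FIX = r""":OTL
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found

:folders

C:\Program Files\Search Toolbar

:COMMANDS
[resethosts]
[purity]
[start explorer]
"""
# Same fix with the folder listed under the section OTL actually reads.
CORRECTED_FIX = THREAD_FIX.replace(":folders", ":Files")

Section = Tuple[int, str, List[Tuple[int, str]]]  # (header line, name, [(line, entry)])

def split_sections(script: str) -> List[Section]:
    """Group non-blank lines under the ':Section' header that precedes them.
    Lines before any header go under the pseudo-section '' so they can be flagged."""
    sections: List[Section] = [(0, "", [])]
    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            sections.append((no, m.group(1), []))
        else:
            sections[-1][2].append((no, line))
    return [s for s in sections if s[1] or s[2]]

def validate_fix(script: str) -> List[str]:
    """Return one message per problem; an empty list means every line should be accepted."""
    problems: List[str] = []
    for header_no, name, entries in split_sections(script):
        key = name.lower()
        if key == "":
            for no, entry in entries:
                problems.append(f"line {no}: entry before any :Section header: {entry!r}")
        elif key not in KNOWN_SECTIONS:
            hint = " (files and folders to move go under :Files)" if "fil" in key or "fold" in key else ""
            problems.append(f"line {header_no}: unknown section ':{name}'{hint}; "
                            f"the {len(entries)} line(s) under it would not be interpreted")
        elif key == "commands":
            for no, entry in entries:
                m = COMMAND_RE.match(entry)
                if not m or m.group(1).lower() not in KNOWN_COMMANDS:
                    problems.append(f"line {no}: unrecognised command {entry!r}")
        elif key == "files":
            for no, entry in entries:
                if not ABS_PATH_RE.match(entry):
                    problems.append(f"line {no}: :Files entry is not an absolute path: {entry!r}")
    return problems

if __name__ == "__main__":
    for label, fix in (("as posted", THREAD_FIX), ("corrected", CORRECTED_FIX)):
        print(label, validate_fix(fix) or ["no problems found"])
```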

Re: Tidserv Activity 2

Post by Superdave on Mon 19 Dec 2011, 7:06 am

I still need the logs from SAS, MBAM and DDS (2).


Re: Tidserv Activity 2

Post by rich_hilton on Mon 19 Dec 2011, 10:34 am

Hi Dave
It's party weekend here in the "Keys" (Bel Marin keys that is) so I'll have to do those tomorrow.
All the best
Clive
P.S. Three sequential Christmas parties yesterday!


Re: Tidserv Activity 2

Post by rich_hilton on Tue 20 Dec 2011, 7:17 am

Hi Dave
I have the logs from SAS, MBAM and DDS runs and will try to attach them here - hope it works better this time than any time before.
However, I read a story once where this crew of a few men were trying to cross the Pacific Ocean in a large wooden boat they had built themselves. Not being experts, they had not taken into account what a teredo worm can do to a wooden boat, and as they progressed they found themselves spending all their waking moments bailing or patching the boat as it sank further and further into the water and gradually became more like a giant sponge riddled with teredo wormholes than a functioning boat. I believe it broke up before they reached land, but they were close enough that they were rescued.
Unfortunately, I feel like that with my desktop. Now I have to go through two boot cycles every time to get it up and going - the first cycle resulting in a blue screen of death. Also, I find that quite a number of my vital applications don't work anymore - can't connect to the internet, can't fix that with Network Magic (Platform missing) or Internet Explorer (Winsock catalog missing).
I think I may have to bite the bullet and revert the system to factory state.
Please have a look at the attached files and let me have your thoughts.
Best regards
Clive


Re: Tidserv Activity 2

Post by Superdave on Tue 20 Dec 2011, 7:24 am

Download BlueScreenView to your desktop.
BlueScreenView
Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All.
Go to FILE - Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.


Re: Tidserv Activity 2

Post by rich_hilton on Tue 20 Dec 2011, 5:29 pm

Hi Dave
I've been away from my desk most of today but finally managed to create the BSOD file which I will attempt to paste below. If that doesn't work please look for it at [You must be registered and logged in to see this link.]
I would greatly appreciate a little insight into what you are looking for in all these files and also your best educated guess as to our chances of pulling this one out of the fire and, if so, when.
Best regards
Clive
===================================================
==================================================
Dump File : Mini121911-02.dmp
Crash Time : 12/19/2011 11:07:18 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6badc74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121911-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121911-01.dmp
Crash Time : 12/19/2011 5:49:07 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6ba9c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121911-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121511-06.dmp
Crash Time : 12/15/2011 10:21:15 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6bb5c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121511-06.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121511-05.dmp
Crash Time : 12/15/2011 10:02:14 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6bb5c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121511-05.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121511-04.dmp
Crash Time : 12/15/2011 4:52:11 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b81c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121511-04.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121511-03.dmp
Crash Time : 12/15/2011 4:25:40 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b79c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121511-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121511-02.dmp
Crash Time : 12/15/2011 4:21:58 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b65c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121511-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121511-01.dmp
Crash Time : 12/15/2011 4:00:44 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b61c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121511-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121411-03.dmp
Crash Time : 12/14/2011 9:45:32 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b61c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121411-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121411-02.dmp
Crash Time : 12/14/2011 3:06:33 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b75c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121411-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121411-01.dmp
Crash Time : 12/14/2011 3:01:20 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b71c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121411-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121311-01.dmp
Crash Time : 12/13/2011 6:39:01 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b7dc74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121311-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121211-02.dmp
Crash Time : 12/12/2011 10:16:35 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80563bdc
Parameter 3 : 0xf6b83c74
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+8cbdc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121211-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121211-01.dmp
Crash Time : 12/12/2011 4:19:35 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x000000b0
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8052d79e
Caused By Driver : CLASSPNP.SYS
Caused By Address : CLASSPNP.SYS+a456
File Description : SCSI Class System Dll
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5679e
Stack Address 1 : CLASSPNP.SYS+a456
Stack Address 2 : CLASSPNP.SYS+9b89
Stack Address 3 : ntoskrnl.exe+c807
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121211-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini121111-01.dmp
Crash Time : 12/11/2011 11:04:25 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc000009a
Parameter 2 : 0x805197d9
Parameter 3 : 0xba5b05e0
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+427d9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+427d9
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121111-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini061811-01.dmp
Crash Time : 6/18/2011 10:27:30 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0xf76d5895
Parameter 3 : 0xf7ac8bd8
Parameter 4 : 0xf7ac88d4
Caused By Driver : CLASSPNP.SYS
Caused By Address : CLASSPNP.SYS+4895
File Description : SCSI Class System Dll
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : CLASSPNP.SYS+4895
Stack Address 1 : CLASSPNP.SYS+2d1d
Stack Address 2 : CLASSPNP.SYS+2cb1
Stack Address 3 : aksfridge.sys+21253
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini061811-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini053010-01.dmp
Crash Time : 5/30/2010 11:44:52 AM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001902fe
Parameter 2 : 0xa06c5940
Parameter 3 : 0xa06c563c
Parameter 4 : 0xf76b4ae8
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+42ae8
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c826
Stack Address 1 : Ntfs.sys+dff0
Stack Address 2 : Ntfs.sys+63c87
Stack Address 3 : ntoskrnl.exe+c807
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini053010-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini041410-01.dmp
Crash Time : 4/14/2010 5:55:09 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001902fe
Parameter 2 : 0xf7c81940
Parameter 3 : 0xf7c8163c
Parameter 4 : 0xf76b4ae8
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+42ae8
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c826
Stack Address 1 : Ntfs.sys+dff0
Stack Address 2 : Ntfs.sys+63c87
Stack Address 3 : ntoskrnl.exe+c807
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini041410-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini102609-01.dmp
Crash Time : 10/26/2009 8:05:43 AM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001902fe
Parameter 2 : 0xf7c89940
Parameter 3 : 0xf7c8963c
Parameter 4 : 0xf76b4ae8
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+42ae8
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c806
Stack Address 1 : Ntfs.sys+dff0
Stack Address 2 : Ntfs.sys+63c87
Stack Address 3 : ntoskrnl.exe+c7f7
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102609-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini090309-01.dmp
Crash Time : 9/2/2009 11:54:36 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0xf7f3c002
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7aff0df
Caused By Driver : dvd43llh.sys
Caused By Address : dvd43llh.sys+10df
File Description : dvd43llh.sys
Product Name : DVD For Free
Company : RIF
File Version : 3.5.000
Processor : 32-bit
Crash Address : dvd43llh.sys+10df
Stack Address 1 : dvd43llh.sys+1962
Stack Address 2 : ntoskrnl.exe+cd38
Stack Address 3 : atapi.sys+76fc
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090309-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================


rich_hilton
Newbie Surfer

Posts : 30
Joined : 2011-12-14
Operating System : XP and Vista
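
The BlueScreenView report above is long but says one thing: thirteen of the December crashes are stop 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED) with an access violation (Parameter 1 = 0xC0000005) at exactly the same kernel address, ntoskrnl.exe+8cbdc. Random hardware faults do not line up like that; one damaged or hooked module does, which is why the next step in the thread is to verify system files. The script below, an added example that is not part of the thread, parses the plain-text report BlueScreenView writes and pulls out the recurring crash point. SAMPLE_REPORT is an excerpt of the report above with the unused fields dropped; the NTSTATUS table is limited to the two exception codes that appear in it.

```python
"""Summarise a BlueScreenView text report (EDIT > Select All, FILE > Save Selected Items)
and pick out the crash point that keeps recurring.

Added example, not part of the thread: BlueScreenView is a NirSoft tool and this only
parses the plain-text report it writes.  SAMPLE_REPORT is an excerpt of the report posted
above with the fields the summary does not use removed."""
from collections import Counter

# NTSTATUS codes seen as Parameter 1 of stop 0x7E/0x8E in the report above
# (for those two stops, Parameter 1 is the exception code that went unhandled).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
}
EXCEPTION_STOPS = {0x7E, 0x8E}


def parse_report(text):
    """One dict per dump, keyed by the report's own field names ('Bug Check Code', ...)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Dump File :"):          # not 'Dump File Size :'
            current = {}
            records.append(current)
        if current is not None and " : " in line:   # 'Stack Address 1 :' (empty) is skipped
            key, _, value = line.partition(" : ")
            current[key.strip()] = value.strip()
    return records


def stop_code(record):
    """Stop code with the minidump flag stripped: 0x1000008e is recorded for stop 0x8E."""
    return int(record["Bug Check Code"], 16) & 0x0FFFFFFF


def summarise(records):
    """Count crashes per (stop code, faulting address)."""
    return Counter((stop_code(r), r.get("Crash Address", "?")) for r in records)


def recurring(records, threshold=3):
    """Crash points seen at least `threshold` times.  The same faulting address crash
    after crash points at one damaged or hooked module, not at flaky hardware."""
    return [(key, n) for key, n in summarise(records).most_common() if n >= threshold]


def describe(record):
    code = stop_code(record)
    text = f"0x{code:02X} {record['Bug Check String']} at {record['Crash Address']}"
    if code in EXCEPTION_STOPS:
        exc = int(record["Parameter 1"], 16)
        text += f" ({NTSTATUS.get(exc, hex(exc))} in {record['Caused By Driver']})"
    return text


# Excerpt of the report posted above (four of the dumps, unused fields removed).
SAMPLE_REPORT = """\
==================================================
Dump File : Mini121911-02.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Caused By Driver : ntoskrnl.exe
Crash Address : ntoskrnl.exe+8cbdc
Stack Address 1 :
Dump File Size : 102,400
==================================================
Dump File : Mini121911-01.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Caused By Driver : ntoskrnl.exe
Crash Address : ntoskrnl.exe+8cbdc
==================================================
Dump File : Mini121511-06.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Caused By Driver : ntoskrnl.exe
Crash Address : ntoskrnl.exe+8cbdc
==================================================
Dump File : Mini121211-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x000000b0
Caused By Driver : CLASSPNP.SYS
Crash Address : ntoskrnl.exe+5679e
==================================================
"""

if __name__ == "__main__":
    dumps = parse_report(SAMPLE_REPORT)
    for d in dumps:
        print(d["Dump File"], describe(d))
    for (code, addr), n in recurring(dumps):
        print(f"recurring: stop 0x{code:02X} at {addr}, {n} times")
```

Run it on the full BSOD.txt instead of SAMPLE_REPORT and the thirteen 0x8E dumps collapse into one line; the older 0x24 (NTFS_FILE_SYSTEM) and 0xD1 (dvd43llh.sys) entries from 2009 and 2010 stay separate and are unrelated to the current infection.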

Re: Tidserv Activity 2

Post by Superdave on Wed 21 Dec 2011, 6:21 am

rich_hilton wrote: I would greatly appreciate a little insight into what you are looking for in all these files and also your best educated guess as to our chances of pulling this one out of the fire and, if so, when.
At this point it looks like an infected or corrupt file.
Please run this even if you don't have the OS disk and let me know the results.
Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
• Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
* Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
*********************************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
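
The sfc /scannow step above rests on the two locations Windows File Protection keeps on XP: the live files in System32 and the reference copies in System32\Dllcache. When the install CD is not available (this poster only has recovery disks), an examiner can still do the cross-check by hand from an offline boot, which is what the script below shows. It is an added example, not part of the thread and not SFC's own method (SFC validates catalog signatures and restores from Dllcache or the install media); the System32 layout, file names and file contents are constructed placeholders written to a temp directory so it runs anywhere, and compare_to_dllcache() is a name introduced here. Two caveats a practitioner would want: a mismatch can also be a legitimate hotfix that updated System32 without refreshing Dllcache, so check the version and Authenticode signature before calling it malware; and run the comparison against a mounted or imaged volume, not from inside the infected OS, because TDSS/TDL-class rootkits hook the disk stack and can serve the clean bytes of a driver they have patched, so an in-OS comparison (and SFC itself) can come back clean.

```python
"""Cross-check System32 against the Windows File Protection copies in System32\\dllcache,
the two locations sfc /scannow works from on XP.

Added example, not part of the thread and not SFC's own method (SFC verifies catalog
signatures and restores from dllcache or the install media).  The System32 layout, file
names and file contents are constructed in a temp directory so this runs anywhere; on a
real case point compare_to_dllcache() at a mounted or imaged XP volume."""
import hashlib
import os
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_to_dllcache(system32, dllcache):
    """Map each file in dllcache to one of:
    'match'    identical bytes in both places
    'mismatch' differs: a patched driver/DLL, or a legitimately newer hotfix
               (check version and Authenticode signature before calling it malware)
    'missing'  kept in dllcache but gone from System32"""
    results = {}
    for name in sorted(os.listdir(dllcache)):
        cached = os.path.join(dllcache, name)
        live = os.path.join(system32, name)
        if not os.path.isfile(cached):
            continue
        if not os.path.isfile(live):
            results[name] = "missing"
        elif sha256_of(live) == sha256_of(cached):
            results[name] = "match"
        else:
            results[name] = "mismatch"
    return results


def build_demo_volume(root):
    """Constructed fixture (placeholder bytes, not real Windows binaries): ntoskrnl.exe
    intact, netbt.sys patched in place the way TDL/ZeroAccess-era rootkits did to a
    legitimate driver, atapi.sys deleted from System32."""
    system32 = os.path.join(root, "WINDOWS", "system32")
    dllcache = os.path.join(system32, "dllcache")
    os.makedirs(dllcache)
    clean = {
        "ntoskrnl.exe": b"MZ" + b"\x00" * 64 + b"NT Kernel & System (placeholder)",
        "netbt.sys": b"MZ" + b"\x00" * 64 + b"NetBT driver (placeholder)",
        "atapi.sys": b"MZ" + b"\x00" * 64 + b"ATAPI driver (placeholder)",
    }
    for name, data in clean.items():
        with open(os.path.join(dllcache, name), "wb") as f:
            f.write(data)
    live = dict(clean)
    # same length, different bytes: a simulated inline patch of the driver body
    live["netbt.sys"] = clean["netbt.sys"][:-10] + b"\xE9PATCHED!!"
    del live["atapi.sys"]
    for name, data in live.items():
        with open(os.path.join(system32, name), "wb") as f:
            f.write(data)
    return system32, dllcache


def demo():
    """Build the fixture and return the comparison for it."""
    root = tempfile.mkdtemp(prefix="xpvol_")
    system32, dllcache = build_demo_volume(root)
    return compare_to_dllcache(system32, dllcache)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

On a real volume, call compare_to_dllcache(r"X:\WINDOWS\system32", r"X:\WINDOWS\system32\dllcache") with X: the mounted image; every 'mismatch' driver is a candidate for the recurring crash point seen in the minidumps and for the "corrupt file" suspicion raised above.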

Re: Tidserv Activity 2

Post by rich_hilton on Wed 21 Dec 2011, 5:53 pm

Hi Dave
Sorry - I wasn't able to do much towards the "war" effort today. I had to use my desktop for a number of things today and, amazingly, I am not getting any error messages now. Tomorrow I will follow your suggestions above. However, I don't have a copy of XP - only the Recovery disks that came with the computer (dreadful idea that!). So, should I try running SFC with the existing XP system on the desktop? Wasn't sure what to do there.
Best regards
Clive

rich_hilton
Newbie Surfer

Posts : 30
Joined : 2011-12-14
Operating System : XP and Vista

Re: Tidserv Activity 2

Post by Superdave on Thu 22 Dec 2011, 6:03 am

rich_hilton wrote:Hi Dave
Sorry - I wasn't able to do much towards the "war" effort today. I had to use my desktop for a number of things today and, amazingly, I am not getting any error messages now. Tomorrow I will follow your suggestions above. However, I don't have a copy of XP - only the Recovery disks that came with the computer (dreadful idea that!). So, should I try running SFC with the existing XP system on the desktop? Wasn't sure what to do there.
Best regards
Clive
Please run the SFC check even if you don't have the disk. If it finds a corrupt or missing file, it will prompt you for the disk.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Tidserv Activity 2

Post by rich_hilton on Thu 22 Dec 2011, 1:33 pm

Hi Dave
I could only run ComboFix
It discovered that Rootkit.ZeroAccess had inserted itself into the tcp/ip stack and attempted to fix it.

Here's the logfile - gotta go.
Cheers
Clive
ComboFix 11-12-21.02 - Clive 12/21/2011 17:35:35.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.649 [GMT -8:00]
Running from: l:\combofix\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
c:\documents and settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\chrome.manifest
c:\documents and settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\ff-overlay.xul
c:\documents and settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\overlay.js
c:\documents and settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\install.rdf
c:\documents and settings\Clive\g2mdlhlpx.exe
c:\documents and settings\Clive\GoToAssistDownloadHelper.exe
c:\documents and settings\Clive\WINDOWS
c:\program files\Common Files\Help
c:\program files\Common Files\Help\_updated.js
c:\program files\Common Files\Help\qnue.chm
c:\program files\Common Files\Help\qnue.lif
c:\program files\Common Files\Help\qnue.lt3
c:\program files\Common Files\Help\qnue.rul
c:\program files\Common Files\Help\quicken.chm
c:\program files\Common Files\Help\quicken.lif
c:\program files\Common Files\Help\Quicken.lt3
c:\program files\Common Files\Help\Quicken.rul
c:\program files\Common Files\Help\quickenProject.lt3
c:\program files\Common Files\Help\quickenProject.rul
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\windows\$NtUninstallKB20212$\1774397239\@
c:\windows\$NtUninstallKB20212$\1774397239\bckfg.tmp
c:\windows\$NtUninstallKB20212$\1774397239\cfg.ini
c:\windows\$NtUninstallKB20212$\1774397239\Desktop.ini
c:\windows\$NtUninstallKB20212$\1774397239\keywords
c:\windows\$NtUninstallKB20212$\1774397239\kwrd.dll
c:\windows\$NtUninstallKB20212$\1774397239\L\tyiycewx
c:\windows\$NtUninstallKB20212$\1774397239\lsflt7.ver
c:\windows\$NtUninstallKB20212$\1774397239\U\00000001.@
c:\windows\$NtUninstallKB20212$\1774397239\U\00000002.@
c:\windows\$NtUninstallKB20212$\1774397239\U\00000004.@
c:\windows\$NtUninstallKB20212$\1774397239\U\80000000.@
c:\windows\$NtUninstallKB20212$\1774397239\U\80000004.@
c:\windows\$NtUninstallKB20212$\1774397239\U\80000032.@
c:\windows\$NtUninstallKB20212$\686445642
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\SET125F.tmp
c:\windows\system32\SET1263.tmp
c:\windows\system32\SET126B.tmp
J:\autorun.inf
K:\autorun.inf
c:\windows\$NtUninstallKB20212$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-20 23:14 . 2001-08-17 21:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-12-20 23:14 . 2002-08-29 06:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2011-12-20 23:14 . 2001-08-17 21:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-12-20 23:14 . 2001-08-17 20:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2011-12-20 23:14 . 2001-08-17 21:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2011-12-20 23:14 . 2001-08-17 21:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2011-12-20 23:14 . 2001-08-17 20:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2011-12-20 23:14 . 2001-08-17 22:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2011-12-20 23:14 . 2001-08-17 22:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2011-12-20 23:14 . 2001-08-17 21:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2011-12-20 02:51 . 2011-12-20 02:51 -------- d-----w- c:\program files\NirSoft
2011-12-18 02:41 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2011-12-18 02:37 . 2011-12-18 02:37 -------- d-----w- C:\_OTL
2011-12-15 06:00 . 2011-12-15 06:00 -------- d-----w- c:\documents and settings\Clive\Application Data\SUPERAntiSpyware.com
2011-12-15 05:57 . 2011-12-15 06:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-15 05:57 . 2011-12-15 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-14 20:04 . 2011-12-14 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-14 18:36 . 2011-12-14 18:36 388096 ----a-r- c:\documents and settings\Clive\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-14 18:36 . 2011-12-14 18:36 -------- d-----w- c:\program files\Trend Micro
2011-12-14 01:21 . 2011-12-14 01:21 709968 ----a-w- c:\windows\is-28FEL.exe
2011-12-13 02:24 . 2008-04-13 19:21 162816 ----a-w- C:\netbt.sys
2011-12-13 00:20 . 2011-12-13 00:20 -------- d-----w- c:\documents and settings\Clive\Application Data\FixZeroAccess
2011-12-12 23:10 . 2011-12-12 23:10 46640 ----a-w- c:\windows\system32\msln.exe
2011-12-12 22:55 . 2011-12-12 23:10 384414 ----a-w- c:\windows\system32\drivers\SMR210.dat
2011-12-12 22:55 . 2011-12-12 22:55 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-12-12 22:55 . 2011-12-13 00:08 -------- d-----w- c:\documents and settings\Clive\Local Settings\Application Data\NPE
2011-12-09 03:33 . 2011-12-11 22:51 -------- d-----w- c:\windows\system32\drivers\NIS\1302000.00A
2011-12-07 17:43 . 2011-12-07 17:43 -------- d-----w- c:\program files\Appnimi
2011-11-27 22:50 . 2011-11-05 03:20 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-27 22:50 . 2011-11-05 07:10 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 22:01 . 2010-11-21 00:15 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-08 22:01 . 2010-11-21 00:15 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-23 13:25 . 2002-08-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-06-23 18:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-07-26 04:31 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-08-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2002-08-29 12:00 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-22 04:02 . 2011-08-01 19:37 53248 ----a-r- c:\documents and settings\Clive\Application Data\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\ARPPRODUCTICON.exe
2011-10-22 04:02 . 2011-08-01 19:37 40960 ----a-r- c:\documents and settings\Clive\Application Data\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\NewShortcut2_8637FCC51F2244009511B0F022380F4D.exe
2011-10-22 04:02 . 2011-08-01 19:37 40960 ----a-r- c:\documents and settings\Clive\Application Data\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\NewShortcut1_A35BF946C93442D89CCA96E4AF7A10B3.exe
2011-10-18 11:13 . 2002-08-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-07-10 22:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 16:37 . 2009-07-17 01:48 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 05:49 . 2011-05-15 20:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 07:10 . 2011-04-09 17:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsDepSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS [12/12/2011 2:55 PM 83064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/12/2010 8:44 AM 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1302000.00A\symds.sys [12/8/2011 7:35 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1302000.00A\symefa.sys [12/8/2011 7:35 PM 897656]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 4:20 PM 819320]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1302000.00A\ccsetx86.sys [12/8/2011 7:35 PM 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1302000.00A\ironx86.sys [12/8/2011 7:35 PM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 Apache2.2;Apache2.2;d:\xampplite\apache\bin\httpd.exe [10/1/2011 9:33 AM 29416]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/25/2009 5:36 PM 366152]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [12/8/2011 7:34 PM 138760]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [12/21/2010 4:04 AM 987704]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [12/21/2010 4:04 AM 399416]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [9/29/2011 3:06 PM 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 9:29 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111216.001\IDSXpx86.sys [12/17/2011 10:16 AM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/25/2009 5:36 PM 22216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/13/2009 8:04 PM 47360]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]
S0 iycct;iycct;c:\windows\system32\drivers\bhcfi.sys --> c:\windows\system32\drivers\bhcfi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/29/2009 7:34 AM 30192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2009 10:12 PM 133104]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [9/29/2011 3:06 PM 28256]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\program files\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [10/15/2009 5:51 AM 87336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2009 10:12 PM 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [10/29/2010 1:42 PM 245888]
S4 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [4/1/2011 7:17 PM 67400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-22 c:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2009-07-22 00:02]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 06:12]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 06:12]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1004Core.job
- c:\documents and settings\Clive\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-23 06:12]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1004UA.job
- c:\documents and settings\Clive\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-23 06:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send To &Bluetooth - d:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PowerArchiver - d:\powerarchiver\UNINST.EXE
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-12-21 18:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4192)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\xampplite\mysql\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-12-21 18:16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 02:15
ComboFix2.txt 2009-11-26 01:10
.
Pre-Run: 46,555,459,584 bytes free
Post-Run: 47,568,580,608 bytes free
.
- - End Of File - - 5498EE1703427F4FC437FEE9804E69A1


Re: Tidserv Activity 2

Post by rich_hilton on Thu 22 Dec 2011, 7:29 pm

Hi Dave
I have run ComboFix again since the 5:35 PM run that produced the log above. It didn't complain about anything, and Norton and a quick scan using MBAM didn't find anything, though while it was running, Norton Internet Security (Auto-Protect) said it was processing a security risk, Trojan.ADH, which it quarantined. I'm running a full scan of MBAM on all my desktop disks overnight.
Should I run SAS and DDS again and maybe apply any fixes they recommend?
All the best
Clive


Re: Tidserv Activity 2

Post by Superdave on Fri 23 Dec 2011, 7:22 am

Should I run SAS and DDS again and maybe apply any fixes they recommend?
You can run SAS and MBAM again, if you wish. I don't need to see DDS logs.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Folder::
    c:\windows\$NtUninstallKB20212$

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.

***************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
